Fork bombing a Linux machine as a non-root user
Felipe Alfaro Solana
lkml at mac.com
Mon Mar 21 17:40:16 UTC 2005
On 21 Mar 2005, at 17:44, Scot L. Harris wrote:
>> Linux does not protect user space
>> processes from each other.
>
> That statement is incorrect. Linux and Unix in general have done a
> better job of this than Windows ever did. I think what you mean is
> that
> without setting appropriate ulimits there is nothing to keep a user
> process from using all available resources on a system. This in turn
> can impact other users since they may not be able to get resources from
> the system as needed and ultimately it can impact the entire system if
> the kernel is unable to get resources as well.
Well, Linux isn't perfect when isolating processes from each other.
allowing a process denying another one from accessing local resources
could be seen as an attack to the integrity or isolation.
> As Linux becomes more main stream the assumption has to be that users
> won't have the expertise to tune a system. As such reasonable defaults
> and limits should be put in place to protect the user and the system.
> Those that have requirements that exceed these limits should be in the
> 10% range if the defaults and limits are well selected.
I think it's a good idea. But I can see all those Joe-Users flooding
the mailinglists with messages like "When trying to run X I receive
error Y: resources exhausted."
More information about the fedora-list
mailing list