forkbomb attack

Zhukov Pavel gelios at
Fri Nov 30 15:05:58 UTC 2007

On Nov 30, 2007 5:52 PM, Chris Snook <csnook at> wrote:
> Zhukov Pavel wrote:
> > why modern fedora affected by simple forkbomb attack?
> >
> Because it's hard to set static defaults that are reasonable for both a low-end
> laptop and a 16-core server with 128 GB of RAM.  Theoretically we could
> configure the defaults in limits.conf dynamically at installation time, but no
> one has ever cared enough to write the code and test it on the wide range of
> hardware and software configurations required to get it right.
> Personally, I find the current settings work just fine.  The only way I can
> forkbomb my old 384 MB, 1-core powerbook is with a synthetic forkbomb, and the
> fix for it is "don't do that".  It survives an accidental forkbomb, such as
> those caused by foolish application handler settings.  If you're running
> arbitrary code from untrusted users, a forkbomb is the least of your problems.
> On my 2-core, 2 GB systems, which is a reasonable minimum target for interactive
> servers allowing logins by semi-trusted users, I can't even synthetically
> forkbomb the box without root privileges.  The most I can do is lock up my X
> server, which is cured by a remote ssh and a kill.  This might be what's
> happening to you.
> If you think there's something really wrong, please open a bug with specifics.
>         -- Chris
> --
> fedora-list mailing list
> fedora-list at
> To unsubscribe:

hm. for example, can i keep in reserve for example 5% of system
resources for root user?

i just successfully DoS C2D5600/2GB laptop with simple :(){ :|:& };:


More information about the fedora-list mailing list