forkbomb attack
Zhukov Pavel
gelios at gmail.com
Fri Nov 30 15:05:58 UTC 2007
On Nov 30, 2007 5:52 PM, Chris Snook <csnook at redhat.com> wrote:
> Zhukov Pavel wrote:
> > why modern fedora affected by simple forkbomb attack?
> >
>
> Because it's hard to set static defaults that are reasonable for both a low-end
> laptop and a 16-core server with 128 GB of RAM. Theoretically we could
> configure the defaults in limits.conf dynamically at installation time, but no
> one has ever cared enough to write the code and test it on the wide range of
> hardware and software configurations required to get it right.
>
> Personally, I find the current settings work just fine. The only way I can
> forkbomb my old 384 MB, 1-core powerbook is with a synthetic forkbomb, and the
> fix for it is "don't do that". It survives an accidental forkbomb, such as
> those caused by foolish application handler settings. If you're running
> arbitrary code from untrusted users, a forkbomb is the least of your problems.
> On my 2-core, 2 GB systems, which is a reasonable minimum target for interactive
> servers allowing logins by semi-trusted users, I can't even synthetically
> forkbomb the box without root privileges. The most I can do is lock up my X
> server, which is cured by a remote ssh and a kill. This might be what's
> happening to you.
>
> If you think there's something really wrong, please open a bug with specifics.
>
> -- Chris
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>
hm. for example, can i keep in reserve for example 5% of system
resources for root user?
i just successfully DoS C2D5600/2GB laptop with simple :(){ :|:& };:
:(
More information about the fedora-list
mailing list