[wplug] Rumors
Bill Moran
wmoran at potentialtech.com
Fri Mar 18 13:43:54 EST 2005
Vance Kochenderfer <vkochend at nyx.net> wrote:
> billpwl1 <billpwl1 at verizon.net> wrote:
> > Bill, Maybe you could add to the talk what configuration changes need
> > to be made to prevent the fork bomb attacks as discussed in other
> > threads here this week?
>
> My understanding from reading the comments at
> <http://www.securityfocus.com/columnists/308> is that it's not a kernel
> problem, it's a distribution problem. Many Linux distributions (and
> apparently, many versions of AIX, Solaris, and HP-UX) don't have any
> user limits set by default. You can change this as described here
> <http://www.userlocal.com/security/secpam.php> among other places.
Well, I don't want to start a Holy War, but:
My FreeBSD 5.3 desktop has no limits set, and yet it doesn't crash from
a forkbomb.
While limits are a good thing, and should be used, the kernel shouldn't
_crash_ for lack of them (unless root causes it). My experiments with
Fedora 3 are crashing the kernel.
Actually, even root shouldn't be able to crash the system by forkbombing.
The kernel should recognize that its process table is full and simply
refuse to fork any more.
--
Bill Moran
Potential Technologies
http://www.potentialtech.com
More information about the wplug
mailing list