[wplug] Rumors
Poyner, Brandon
bpoyner at ccac.edu
Fri Mar 18 14:32:35 EST 2005
Are you actually experiencing an oops with Fedora Core 3 or is it just
running out of resources? I can only get it to run out of resources.
Looking at the default resource limits between FreeBSD 4.11 and FC3
shows me why FreeBSD handles this more gracefully. The
login.conf/limits.conf on both systems give unlimited resources, but
ulimit -a shows me a big difference in number of permitted processes by
the kernel. I limited a FC3 account to fewer processes and it handled a
fork bomb gracefully. I imagine if you tripled kern.maxprocperuid in
FreeBSD you will see a difference.
Brandon Poyner
Network Engineer III
CCAC - College Office
412-237-3086
-----Original Message-----
From: wplug-bounces+bpoyner=ccac.edu at wplug.org
[mailto:wplug-bounces+bpoyner=ccac.edu at wplug.org] On Behalf Of Bill
Moran
Sent: Friday, March 18, 2005 1:44 PM
To: General user list
Cc: vkochend at nyx.net
Subject: Re: [wplug] Rumors
Vance Kochenderfer <vkochend at nyx.net> wrote:
> billpwl1 <billpwl1 at verizon.net> wrote:
> > Bill, Maybe you could add to the talk what configuration changes
need
> > to be made to prevent the fork bomb attacks as discussed in other
> > threads here this week?
>
> My understanding from reading the comments at
> <http://www.securityfocus.com/columnists/308> is that it's not a
kernel
> problem, it's a distribution problem. Many Linux distributions (and
> apparently, many versions of AIX, Solaris, and HP-UX) don't have any
> user limits set by default. You can change this as described here
> <http://www.userlocal.com/security/secpam.php> among other places.
Well, I don't want to start a Holy War, but:
My FreeBSD 5.3 desktop has no limits set, and yet it doesn't crash from
a forkbomb.
While limits are a good thing, and should be used, the kernel shouldn't
_crash_ for lack of them (unless root causes it). My experiments with
Fedora 3 are crashing the kernel.
Actually, even root shouldn't be able to crash the system by
forkbombing.
The kernel should recognize that its process table is full and simply
refuse to fork any more.
--
Bill Moran
Potential Technologies
http://www.potentialtech.com
_______________________________________________
wplug mailing list
wplug at wplug.org
http://www.wplug.org/mailman/listinfo/wplug
More information about the wplug
mailing list