Re: forkbomb attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Zhukov Pavel wrote:
why modern fedora affected by simple forkbomb attack?


Because it's hard to set static defaults that are reasonable for both a low-end laptop and a 16-core server with 128 GB of RAM. Theoretically we could configure the defaults in limits.conf dynamically at installation time, but no one has ever cared enough to write the code and test it on the wide range of hardware and software configurations required to get it right.

Personally, I find the current settings work just fine. The only way I can forkbomb my old 384 MB, 1-core powerbook is with a synthetic forkbomb, and the fix for it is "don't do that". It survives an accidental forkbomb, such as those caused by foolish application handler settings. If you're running arbitrary code from untrusted users, a forkbomb is the least of your problems. On my 2-core, 2 GB systems, which is a reasonable minimum target for interactive servers allowing logins by semi-trusted users, I can't even synthetically forkbomb the box without root privileges. The most I can do is lock up my X server, which is cured by a remote ssh and a kill. This might be what's happening to you.

If you think there's something really wrong, please open a bug with specifics.

	-- Chris

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux