On Fri, 18 Mar 2005 20:37:39 +0100, Ralf Ertzinger wrote: > Hi. > > Dave Jones <davej@xxxxxxxxxx> wrote: > > > If we set strict ulimits by default we'd have people writing articles > > like "Fedora is teh suck, I can't malloc more than xMB in a single > > process" What's fit for one configuration may not be for another. > > One size most definitly does not fit all. > > Especially as the article is quite uninformative about the resource > that was exhausted. My FD has a ulimit on the number of processes, > and I did not set that, and it has been this way for some time, I think. The default ulimit on max user processes is so high, it doesn't serve as protection. An admin must find much tighter limits to make a box more secure against fork bomb DoS attacks.
