On Fri, Mar 18, 2005 at 09:09:12PM +0100, Michael Schwendt wrote: > On Fri, 18 Mar 2005 20:37:39 +0100, Ralf Ertzinger wrote: > > > Hi. > > > > Dave Jones <davej@xxxxxxxxxx> wrote: > > > > > If we set strict ulimits by default we'd have people writing articles > > > like "Fedora is teh suck, I can't malloc more than xMB in a single > > > process" What's fit for one configuration may not be for another. > > > One size most definitly does not fit all. > > > > Especially as the article is quite uninformative about the resource > > that was exhausted. My FD has a ulimit on the number of processes, > > and I did not set that, and it has been this way for some time, I think. > > The default ulimit on max user processes is so high, it doesn't serve as > protection. An admin must find much tighter limits to make a box more > secure against fork bomb DoS attacks. What are the limits on the BSD machines he used for his tests?
