On Fri, 18 Mar 2005 21:23:31 -0700, Tyler Larson <fedora-devel@xxxxxxxxxxx> wrote: > Fork bombs have always been of little concern to admins. They do > relatively little damage and are completely traceable. The perpetrator > does little more than land himself in a lot of hot water. In most cases, > the threat of disciplinary action is enough protection--it's not an > attack that can be launched anonymously. I fully agree. We have a very effective way of dealing with fork bombs and other user stupidity and/or misguided maliciousness -- an Acceptable Usage Policy with a Termination clause, and a handy steel pipe to perform the actual termination. If you have a piece of infrastructure that will suffer if a user drains it of resources, then you shouldn't have users logging in to that machine in the first place. If it's a shared resource for users whom you don't entirely trust, then by all means, set up various limits, but I don't think ulimits should be enabled on a default installation. After all, that machine with all its resources is there precisely because someone needs to use it (and in case of physicists -- to abuse it. Badly.). Regards, -- Konstantin Ryabitsev Zlotniks, INC
