On Sat, 19 Mar 2005 15:20:50 +0100, Kyrre Ness Sjobak <kyrre@xxxxxxxxxxxxxxxxxx> wrote: > But bugs in (preinstalled) system software has also been known to cause > a resource exhaustion. I had cups do this to me once (try sending a 400 > mb postscript to gimpprint on a 128 MB RAM computer), or print to a > remote machine called "localhost" - thats effectively a forkbomb... No, that's a computer with not enough memory. :) We have an OOM-killer for such cases. A "denial of service" that results when someone tries to run a large application with insufficient system resources is not a security concern -- it's a feature. It's the same as trying to buy a BMW when you only have enough money for a used Ford -- you'll get a denial of service from the dealership, too. ;) Besides, you can't ulimit a process running as root anyway. Can you? Regards, -- Konstantin Ryabitsev Zlotniks, INC
