If we set strict ulimits by default we'd have people writing articles like "Fedora is teh suck, I can't malloc more than xMB in a single process". What's fit for one configuration may not be for another. One size most definitely does not fit all.
The BSDs didn't seem vulnerable to this issue, and I don't see people going around in circles screaming about it. So, they seem to have chosen some "one size fits almost all" limits.
Maybe those could be chosen for Fedora/RedHat too, and let people with a need for huge numbers of processes increase them. Those kinds of people should also know how to do "man ulimit".
When one advocates in favor of unix-like systems (as opposed to Windows systems) mentioning "convenience vs. security", it is embarrassing to be given counter-examples like fork-bombs.
-- Carlos Rodrigues
url: http://tudo-sobre-nada.blogspot.com