MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <16958.16187.716183.994251@wombat.chubb.wattle.id.au>
Date: Mon, 21 Mar 2005 14:27:55 +1100
From: Peter Chubb <peterc@gelato.unsw.edu.au>
To: William Beebe <wbeebe@gmail.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: forkbombing Linux distributions
In-Reply-To: <e0716e9f05032019064c7b1cec@mail.gmail.com>
References: <e0716e9f05032019064c7b1cec@mail.gmail.com>
Comments: Hyperbole mail buttons accepted, v04.18.
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1074
Lines: 25

>>>>> "William" == William Beebe <wbeebe@gmail.com> writes:

William> Sure enough, I created the following script and ran it as a
William> non-root user:

William> #!/bin/bash $0 & $0 &

There are two approaches to fixing this.
  1.  Rate limit fork().  Unfortunately some legitimate usges do a lot
      of forking, and you don't really want to slow them down.
  2.  Limit (per user) the number of processes allowed. This is what's
      currently done; and if you as administrator want to you can set
      RLIMIT_NPROC in /etc/security/limits.conf

On an almost-single-user system such as most desktops, there isn't much
point in setting this.  On shared systems, it can be useful.

-- 
Dr Peter Chubb  http://www.gelato.unsw.edu.au  peterc AT gelato.unsw.edu.au
The technical we do immediately,  the political takes *forever*
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/