Re: fork()

[Triffid Hunter]

you can limit the max number of processes by putting the following into /etc/security/limits.conf (on my distro, and quite a number of others according to google too)

*	hard	nproc	<max # processes>

you can also limit quite a number of other things in this file, and other files in that directory.

redoubtable wrote:
> Hey,
>
> I read a document on securityfocus about fork bombinb a linux system. 
> Although they didn't speak about the effectiveness of resource limits I 
> guess that should be discussed because it's possible to make a linux 
> machine extremely slow (compared to FreeBSD for instance) even with well 
> configured resource limits.
> I revised kernel/fork.c and I found a way to prevent this problem by 
> removing all associated processes with the parent, but that's far from 
> portable and should not be used for the sake of compatibilities. I guess 
> the function fork() should be revised.
> And what about creating a 'maxprocs' sysctl var (even if left high) when 
> the resource limits problem is fixed? It would help security when it is 
> needed and wouldn't bother other applications. RLIMITs on login are not 
> trustworthy. It should exist a global limit in case someone could spawn 
> a shell without limits through some flawed application.
>
> Thanks, and please advise.
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/