Re: forkbombing Linux distributions

[Jacek Łuczak]

Natanael Copa napisał(a):
> On Thu, 2005-03-31 at 01:46 +0200, Felipe Alfaro Solana wrote:
>
> > On Mon, 28 Mar 2005 19:28:20 +0200, Matthieu Castet
> > <mat@xxxxxxxxxxxxxxxxx> wrote:
> >
> > > > The memory limits aren't good enough either: if you set them low
> > > > enough that memory-forkbombs are unperilous for
> > > > RLIMIT_NPROC*RLIMIT_DATA, it's probably too low for serious
> > > > applications.
> > >
> > > yes, if you want to run application like openoffice.org you need at
> > > least 200Mo. If you want that your system is usable, you need at least 40 process per user. So 40*200 = 8Go, and it don't think you have all this memory...
> > >
> > > I think per user limit could be a solution.
> > >
> > > attached a small fork-memory bombing.
> >
> > Doesn't do anything on my machine:
> >
> > # ulimits -a
>
> ...
>
>
> > it tops at 100 processes and eats a little CPU... although the system
> > is under load, it's completely responsive.
>
>
> 100 processes is low. I often have over 150.

On desktop system 150 processes is low too. 250 is safe and sufficient 
value.

> I use the patch mentioned here:
> http://marc.theaimsgroup.com/?l=linux-kernel&m=111209980932023&w=2
> (it set the default max_threads and RLIMIT_NPROC to half of the current
> default)
>
> and my system survived.

Hmmm....my didn't when nearly all users start forkbombing!

I think that changing the default max_threads is not a good idea. It 
might solve many problems but forkbombing require something more universal.

	Jacek
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/