Linux Kernel Security. forkbomb havoc

Bazoukas:
http://www.securityfocus.com/columnists/308?ref=rssdebia



The cracker and the attacked IRC chat
http://www.securityfocus.com/archive/75/393292

muzzy:
Vulnerability to forkbombs isn't the only stupid weakness of linux, although it's a damn obvious one. Further, on some systems where forkbomb doesn't do damage, forkmallocbomb still will.

Calum:
this cropped up a good while ago on void main's forums, the solution is to use ulimit to prevent it:

http://voidmain.is-a-geek.net/forums/viewtopic.php?t=447

some vendors of course do not have this set by default at a sensible value

Calum:
the second comment on the above article is this, i have broken it up to actually mention my thoughts on it:


--- Quote ---
Yes, you can use ulimit. But why should the sysadmin have to bother to do more work to lock a box down?
--- End quote ---
what else is the system admin doing? this is the admin's job.
--- Quote ---
After an install the box should be "secure".
--- End quote ---
who says? that'd be ideal, but if it's your system, it's also your responsibility to ensure its security.
--- Quote ---
It shouldn't be necessary to do things to make it secure: that's what Microsoft did in the past and look where it got them.
--- End quote ---
this makes no sense.


--- Quote ---
This is about sane defaults. The Debian team got it right in this case; most other distributions did not.
--- End quote ---
fair comment, and this is true, but you cannot rely on the vendor to solve your problems for you.

WMD:
This is easy to fix: ulimit -u 100

That's what mine is now.  The Slackware default was 4095.

Add this to /etc/profile and you're ok.

EDIT: I ran a test with -u 45.  It starts up like six processes, and the computer lags.  I've decided to lower my limit to that.
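
An added example, not code from any poster in the thread: a small audit that reports which `ulimit -u` value a profile-style file ends up setting and whether the running shell actually has a cap. The function names, the `MAX_OK` threshold (taken from the 100 suggested above) and the sample profile content are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. MAX_OK and the sample profile text below are constructed.
MAX_OK=100

# profile_nproc FILE: print the value of the last active "ulimit -u N" in a
# profile-style file (later lines override earlier ones), or "unset".
profile_nproc() {
    awk '
        { sub(/#.*/, ""); gsub(/;/, " ")        # drop comments and semicolons
          for (i = 1; i <= NF; i++) {
              if ($i != "ulimit") continue
              for (j = i + 1; j < NF; j++)
                  if ($j ~ /^-[SH]*u$/ && $(j+1) ~ /^([0-9]+|unlimited)$/) last = $(j+1)
          }
        }
        END { print (last == "" ? "unset" : last) }
    ' "$1"
}

# current_nproc: soft "Max processes" limit of this process (Linux /proc).
current_nproc() {
    if [ -r /proc/self/limits ]; then
        awk '/^Max processes/ { print $3 }' /proc/self/limits
    else
        echo unknown
    fi
}

# classify_nproc VALUE MAX: print ok, too-high, unset or unknown.
classify_nproc() {
    case "$1" in
        unset|unknown) echo "$1" ;;
        unlimited)     echo "too-high" ;;
        *) if [ "$1" -le "$2" ]; then echo "ok"; else echo "too-high"; fi ;;
    esac
}

sample=$(mktemp)
cat > "$sample" <<'EOF'
ulimit -u 4095        # distribution default
# ulimit -u 45
ulimit -u 100
EOF
v=$(profile_nproc "$sample")
echo "profile sets nproc=$v: $(classify_nproc "$v" "$MAX_OK")"
c=$(current_nproc)
echo "this shell has nproc=$c: $(classify_nproc "$c" "$MAX_OK")"
rm -f "$sample"
```

Checking the running shell as well as the file matters because /etc/profile is read only by login shells, so sessions started another way may not carry the cap.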