Linux Kernel Security. forkbomb havoc

muzzy:
Damnit, I have to take some back regarding the quotas. I can only find memory quotas and disk quotas being implemented, nothing else so far...

muzzy:
Reading quickly (or how long did that take?) through disassemblies of the related kernel functions, I can't see anything to do process creation limiting. Windows seems to be vulnerable to "fork bombing" issues with no real solutions (other than third party kernel patches). Tough luck. :)

OTOH, there seems to be a low-level hooking mechanism for process creation which could perhaps be used to implement "nproc" quotas. This might be trouble, though, since it's called in the middle of process initialization and killing the process there might not be supported. I'd have to research more into this to say for sure and I'm not really that greatly interested.

Kintaro:

--- Quote from: muzzy ---Oh my, oh my! So, it's ok for a Linux box to suck after install and then it's the admin's job to set it up properly, but the same doesn't apply for Windows?
--- End quote ---

 Did anyone actually say that?

Feodora ships with a healthy setting...
[x11@kintaro ~]$ ulimit
unlimited
:S

Calum:
That's not the value we're talking about. Do "ulimit -a" to see the full list of values that ulimit can change, or "ulimit -u" to see how many user processes are allowed (which is what we're discussing).

muzzy:
[root@kintaro ~]# ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
file size               (blocks, -f) unlimited
pending signals                 (-i) 1024
max locked memory       (kbytes, -l) 32
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 3838
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

PS. no, that doesn't mean i 0wned his box. he pasted that himself earlier in private as we had a short chat about random things related to system resources :)
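
Added example, not part of any post in this thread: a small shell check that pulls the "max user processes" (-u) value out of a bash `ulimit -a` dump and flags it when it is unlimited or above a ceiling. The function names and the default ceiling of 4096 are assumptions made for this example; the sample input is abridged from the output pasted above. A bare `ulimit` in bash reports the file size limit (-f), so a dump with no (-u) line is reported as MISSING rather than treated as a process limit.

```shell
#!/bin/sh
# Added example: classify the per-user process limit from a bash `ulimit -a` dump.

# Sample input, abridged from the `ulimit -a` output pasted in the thread.
SAMPLE_ULIMIT='core file size          (blocks, -c) 0
open files                      (-n) 1024
max user processes              (-u) 3838
virtual memory          (kbytes, -v) unlimited'

# nproc_from_dump: read a dump on stdin, print the value on the (-u) line.
# Exits non-zero when the dump has no (-u) line at all.
nproc_from_dump() {
    awk '/\(-u\)/ { print $NF; found = 1 } END { exit (found ? 0 : 1) }'
}

# nproc_verdict DUMP [CEILING]
# Prints one of: "OK <n>", "HIGH <n>", "UNLIMITED", "MISSING".
# CEILING (default 4096) is an arbitrary value chosen for this example.
nproc_verdict() {
    dump=$1
    ceiling=${2:-4096}
    value=$(printf '%s\n' "$dump" | nproc_from_dump) || { echo "MISSING"; return 2; }
    case $value in
        unlimited)   echo "UNLIMITED"; return 1 ;;  # nothing caps a fork bomb
        *[!0-9]*|'') echo "MISSING";   return 2 ;;  # not a number: do not trust it
    esac
    if [ "$value" -gt "$ceiling" ]; then
        echo "HIGH $value"
        return 1
    fi
    echo "OK $value"
}
```

To check the current bash session instead of the sample, run `nproc_verdict "$(ulimit -a)"`.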
