Fork bombing a Linux machine as a non-root user
dsccable at comcast.net
Sun Mar 20 04:47:12 UTC 2005
William Hooper wrote:
>David Curry said:
>>>The other assumption
>>>is that the person who adds logins and and gives out passwords to others
>>>knows more about whether their access to certain resources should be
>>>limited or if they can be trusted to use the full power of the box.
>>This argument overlooks the specifc kind of concern that prompted the
>>thread originating author to pose his question. Namely, vulnerability of
>>the system to fork bombing if it is hacked.
>If a system is hacked, a fork bomb is the least of your worries. Really.
>Given the choice between a DOS (which will get noticed) or a smart bad guy
>that is going to just quietly monitor everything and control your machine
>without being noticed, I would pick the DOS.
The thing about hackers, though, is that only they know what it is they
want to do. A fork bomb may be a lesser risk than something else, but
it is nevertheless a risk that many newcomers to linux are unaware of.
>As Dave Jones pointed out (very early in this thread) it is next to
>impossible to pick arbitrary values that will work in all situations. You
>will either guess too high or too low.
I am certainly not suggesting that OS distributors are in a position to
pick arbitrary values that will work in all situations. Nor am I
suggesting that they attempt to do so. Rather, I am saying that for OS
distributors to set installation defaults at "unlimited" and/or high
values is tantamount to doing just that. A better practice would be to
set installatioin defaults at levels that will clearly support
installation of the OS, make those default installation values known to
the ops, and expect ops to address the resource allocation issue at time
>To use your car analogy, would you expect to buy a car and have it's speed
>limited to 35 MPH, because that is the speed limit on the street you
I expect a car to run at idling speed in neutral gear until I as an op
decide to use more of the resource available. At which time, as an op I
allocate more resources by putting the vehicle into gear and provide
more fuel to accelerate.
More information about the users