Forkbomb??
Karl Hegbloom
hegbloom at pdx.edu
Fri Mar 18 14:38:13 CST 2005
[Moved to ubuntu-users: Please reply there ONLY: Edit your headers.]
On Fri, 2005-03-18 at 21:02 +0100, Simon Santoro wrote:
> Michael Anckaert wrote:
> > Hello all,
> > I just read an article on SecurityFocus about how forkbombs can still
> > affect modern day distributions.
> > The article states Debian isn't affected by the forkbomb and since
> > Ubuntu is Debian based, I'm not worried a bit :-).
>
> I don't think this is really a bug. If you use ubuntu as a desktop
> system, you should be able to use all the resources available to work
> with your computer.
> If you are using Ubuntu as a server and let users remotely log in and
> execute commands, then, I presume, you are a good enough admin to know
> how to ulimit the resources any given user has.
What if you are a relatively clueless newbie, and you run a script
written by someone else that fork bombs? That same newbie will have no
clue as to what just happened to the computer. They are unlikely to
have had a CPU meter (gkrellm) running, and will have no context for
understanding.
I think that limiting the 'nproc' via /etc/security/limits.conf to 4068
processes (as in Debian Woody) would be acceptable. That's way more
processes than even the heaviest desktop user will really need, and will
prevent the fork bomb DOS from being possible.
(On an aside... I've seen Firefox use 99% CPU flickering status bar
messages that go by too fast to read. I'd like to see its JavaScript
controls set to more restrictive settings by default.)
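An added example, not part of the original message: a small audit of pam_limits-style configuration that reports whether an account has a hard 'nproc' cap such as the 4068 suggested above. The sample file contents, the user and group names, and the function names `hard_nproc` and `audit` are constructed for illustration; the precedence rules in the comments are assumptions based on the pam_limits documentation.

```python
# Added example: check limits.conf-style text for a hard nproc cap per account.
# Line format assumed: <domain> <type> <item> <value>

SAMPLE = """\
# /etc/security/limits.conf (constructed sample)
*        soft  core   0
*        hard  nproc  4068       # cap suggested in the message
@build   hard  nproc  8192
alice    -     nproc  unlimited  # '-' sets both soft and hard
"""

UNLIMITED = {"unlimited", "infinity", "-1"}


def hard_nproc(text, user, groups=()):
    """Return the hard nproc cap for `user` as an int, or None if uncapped."""
    # Assumed precedence: user entry beats @group entry beats '*' wildcard.
    best_rank, best_value = 0, None
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(fields) != 4:
            continue
        domain, ltype, item, value = fields
        if item != "nproc" or ltype not in ("hard", "-"):
            continue
        if domain == user:
            rank = 3
        elif domain.startswith("@") and domain[1:] in groups:
            rank = 2
        elif domain == "*" and user != "root":
            # Assumption: wildcard and group limits are not applied to root.
            rank = 1
        else:
            continue
        if rank >= best_rank:                   # later line wins at equal rank
            best_rank = rank
            if value in UNLIMITED:
                best_value = None
            elif value.isdigit():
                best_value = int(value)
    return best_value


def audit(text, accounts):
    """Map each account name to its hard cap; None marks an uncapped account."""
    return {user: hard_nproc(text, user, groups) for user, groups in accounts.items()}


if __name__ == "__main__":
    for name, cap in audit(SAMPLE, {"bob": (), "carol": ("build",), "alice": (), "root": ()}).items():
        print(f"{name}: {'NO CAP' if cap is None else cap}")
```

Accounts reported as having no cap are the ones a runaway forking script could use to exhaust the process table.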