Forkbomb??

Simon Santoro Simon.Santoro at poste.it
Fri Mar 18 20:57:14 UTC 2005


Karl Hegbloom wrote:
> [Moved to ubuntu-users: Please reply there ONLY: Edit your headers.]
> 
> On Fri, 2005-03-18 at 21:02 +0100, Simon Santoro wrote:
> 
>>Michael Anckaert wrote:
>>
>>>Hello all,
>>>I just read an article on SecurityFocus about how forkbombs can still
>>>affect modern day distributions.
>>>The article states Debian isn't affected by the forkbomb and since
>>>Ubuntu is Debian based, I'm not worried a bit :-).
>>
>>I don't think this is really a bug. If you use ubuntu as a desktop 
>>system, you should be able to use all the resources available to work 
>>with your computer.
>>If you are using Ubuntu as a server and let users remotely log in and 
>>execute commands, then, I presume, you are a good enough admin to know 
>>how to ulimit the resources any given user has.
> 
> 
> What if you are a relatively clueless newbie, and you run a script
> written by someone else that fork bombs?  That same newbie will have no
> clue as to what just happened to the computer.  They are unlikely to
> have had a CPU meter (gkrellm) running, and will have no context for
> understanding.

If you are a relatively clueless newbie that executes scripts written by 
other people you are screwed anyway. That script could rm -rf your ~, 
send your firefox profile folder via email to someone else, or do a lot 
worse than forkbomb your pc.

> I think that limiting the 'nproc' via /etc/security/limits.conf to 4068
> processes (as in Debian Woody) would be acceptable.  That's way more
> processes than even the heaviest desktop user will really need, and will
> prevent the fork bomb DOS from being possible.

Personally I don't like someone else to decide what is best for me, like 
how many processes I am allowed to run, how many cpu time, or cut down 
on anything else on my machine. But if you think this is reasonable, 
just go ahead. I can change it only for me ;)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20050318/af0aca0d/attachment.sig>


More information about the ubuntu-users mailing list