Forkbomb??

Simon Santoro Simon.Santoro at poste.it
Sun Mar 20 23:02:36 UTC 2005


John Ruschmeyer wrote:
> On Sun, 2005-03-20 at 11:05 +0100, Simon Santoro wrote:
> 
>>I still think it is impossible to save a clueless user that executes 
>>scripts on his local machine from untrusted sources, and thus, cutting 
>>down the number of procs my computer is allowed to execute at one time 
>>is useless and limits my available resources for no real security gain

> Do we really want Snuffy to crash his box just
> because he chose the wrong algorithm (or implemented it badly)?

If the script is buggy, fix the script. There is no need to lock down 
the machine just because there could be a script that forks too many 
times. The script could also do an rm -rf ~/. What would you like to do 
against that? Revoke write permissions on the user's home directory 
because a "wrongly implemented script" could delete all his data? I hope 
not. I still think you should be able to execute as many procs as you 
like on your own machine, or rm -rf your home if you want to.

> This started as a system security issue, but probably has reliability
> aspects.

So, at least, it's not a security issue any more :)

> Personally, I like the compromise of a soft limit with a large, but not
> unreasonable number. It's an air bag against accidents, but can always
> be overridden by those who need to.

It would be nice if it would become impossible for any given software to 
do any harm to your data/things you care about on your computer, but 
that's impossible (at this point in time). And this is one of those 
cases where you can't/should not do something about it. IMHO obviously.