[Mageia-dev] forkbomb protection

Wed Nov 28 20:23:45 CET 2012

On Wed, 28 Nov 2012 13:00:05 -0500, Johnny A. Solbu <cooker at solbu.net> wrote:
+
+> On Wednesday 28. November 2012 17.53, David Walser wrote:
+>> Their pam package has a /etc/security/limits.d/90-nproc.conf file that has:
+>
+>> *        soft    nproc    1024
+>>
+>> As the last comment on the bug says, it's a bit confusing that it's in limits.d/ and not the limits.conf file itself,
+>
+> His point is that any limits set in «/etc/security/limits.d/» overrides the «limits.conf» file.
+>
+>> and in fact I'm not sure what is responsible for processing limits.d/* as limits.conf says nothing about it (Fedora's is the exact same as ours).
+>
+> We should add some comments in «/etc/security/limits.conf» about it.
+>
+>> Anyway, one way or another it would be nice to have this limit set by default on Mageia, IMHO.  WDYT?
+>
+> I think we should have this.
+
+This is also being discussed in the usenet newsgroup alt.os.linux.mageia.
+
+I've confirmed the forkbomb will kill my Mageia 2 x86-64 system, with
+the default value for nprocs of 127910.  Interestingly, it doesn't kill
+the system if I run the forkbomb right after rebooting, only if it's been
+in use for a while.  This is a quad core with 16GB of ram.
+
+I've added a line to /etc/security/limits.conf on my system, with
+*               hard    nproc           10000
+
+The forkbomb no longer has impact, except for the need to kill all
+of the user's bash processes.
+
+# ps -A|wc -l
+218
+
+I think 10000 should be more than adequate, yet low enough to stop the
+bomb from killing the system.
+
+Regards, Dave Hodgins
+