<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-dev] forkbomb protection
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20forkbomb%20protection&In-Reply-To=%3Ckhimdv%24gq1%241%40ger.gmane.org%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="023405.html">
<LINK REL="Next" HREF="023406.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-dev] forkbomb protection</H1>
<B>David Walser</B>
<A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20forkbomb%20protection&In-Reply-To=%3Ckhimdv%24gq1%241%40ger.gmane.org%3E"
TITLE="[Mageia-dev] forkbomb protection">luigiwalser at yahoo.com
</A><BR>
<I>Sun Mar 10 20:20:34 CET 2013</I>
<P><UL>
<LI>Previous message: <A HREF="023405.html">[Mageia-dev] Freeze push: xfdesktop 4.10.2
</A></li>
<LI>Next message: <A HREF="023406.html">[Mageia-dev] Freeze push Firebird
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#23400">[ date ]</a>
<a href="thread.html#23400">[ thread ]</a>
<a href="subject.html#23400">[ subject ]</a>
<a href="author.html#23400">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>David Walser wrote:
><i> I saw an article this morning on LinuxToday that reminded me of the famous shell forkbomb that most of you are probably aware of (I became
</I>aware of it several years ago from someone's e-mail signature on a mailing list):
><i> <A HREF="http://cyberarms.wordpress.com/2012/11/26/an-eleven-character-linux-denial-of-service-attack-how-to-defend-against-it/">http://cyberarms.wordpress.com/2012/11/26/an-eleven-character-linux-denial-of-service-attack-how-to-defend-against-it/</A>
</I>><i>
</I>><i> This also reminded me that we don't have protection against this out of the box in Mageia.
</I>><i>
</I>><i> I checked on Fedora, and it turns out they do, as described here:
</I>><i> <A HREF="https://bugzilla.redhat.com/show_bug.cgi?id=432903">https://bugzilla.redhat.com/show_bug.cgi?id=432903</A>
</I>><i>
</I>><i> Their pam package has a /etc/security/limits.d/90-nproc.conf file that has:
</I>><i> # Default limit for number of user's processes to prevent
</I>><i> # accidental fork bombs.
</I>><i> # See rhbz #432903 for reasoning.
</I>><i>
</I>><i> * soft nproc 1024
</I>><i>
</I>><i> As the last comment on the bug says, it's a bit confusing that it's in limits.d/ and not the limits.conf file itself, and in fact I'm not
</I>sure what is responsible for processing limits.d/* as limits.conf says nothing about it (Fedora's is the exact same as ours). Anyway, one
way or another it would be nice to have this limit set by default on Mageia, IMHO. WDYT?
I added this exactly as Fedora has in pam-1.1.6-4.mga3. Let me know if it causes problems or doesn't work.
</PRE>
<!--endarticle-->
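<P>An added example, not part of the original message or of the pam package: a small Python model of how pam_limits resolves the soft nproc limit, reading limits.conf first and then limits.d/*.conf in "C" locale order, as pam_limits(8) documents. The sample file contents, the user names and the group "builders" are constructed; %group syntax, id ranges and the special handling of root are not modelled.</P>
<PRE>
```python
import re

# Constructed sample files (not taken from any real system). The second one
# reproduces the Fedora-style drop-in quoted in the message above.
SAMPLE = {
    "/etc/security/limits.conf": """
# domain   type  item   value
*          soft  nproc  4096
@builders  soft  nproc  8192
alice      -     nproc  2048
""",
    "/etc/security/limits.d/90-nproc.conf": """
# Default limit for number of user's processes to prevent
# accidental fork bombs.
*          soft  nproc  1024
""",
    "/etc/security/limits.d/README": "* soft nproc 1\n",  # no .conf suffix: skipped
}

def parse_order(paths):
    """limits.conf first, then limits.d/*.conf sorted bytewise (the "C" locale)."""
    main = [p for p in paths if p.endswith("/limits.conf")]
    drop_ins = sorted((p for p in paths if "/limits.d/" in p and p.endswith(".conf")),
                      key=lambda p: p.encode())
    return main + drop_ins

def effective_limit(files, user, groups=(), item="nproc", kind="soft"):
    """Return (value, source_file) of the winning entry for this user, or None."""
    # A user entry beats a group entry, which beats "*"; on a tie the later line wins.
    candidates = []
    for seq, path in enumerate(parse_order(files)):
        for lineno, raw in enumerate(files[path].splitlines()):
            fields = re.sub(r"#.*", "", raw).split()
            if len(fields) != 4 or fields[2] != item or fields[1] not in (kind, "-"):
                continue
            domain = fields[0]
            if domain == user:
                rank = 2
            elif domain.startswith("@") and domain[1:] in groups:
                rank = 1
            elif domain == "*":
                rank = 0
            else:
                continue
            candidates.append(((rank, seq, lineno), fields[3], path))
    if not candidates:
        return None
    _, value, path = max(candidates)
    return value, path
```
</PRE>
<P>With the sample data, a plain user ends up with the drop-in's 1024 even though limits.conf says 4096, because the wildcard entry in limits.d/ is parsed later; the group and per-user entries in limits.conf still win over it.</P>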
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>