[Mageia-dev] forkbomb protection

David Walser luigiwalser at yahoo.com
Sun Mar 10 20:20:34 CET 2013


David Walser wrote:
> I saw an article this morning on LinuxToday that reminded me of the famous shell forkbomb that most of you are probably aware of (I became aware of it several years ago from someone's e-mail signature on a mailing list):
> http://cyberarms.wordpress.com/2012/11/26/an-eleven-character-linux-denial-of-service-attack-how-to-defend-against-it/
> 
> This also reminded me that we don't have protection against this out of the box in Mageia.
> 
> I checked on Fedora, and it turns out they do, as described here:
> https://bugzilla.redhat.com/show_bug.cgi?id=432903
> 
> Their pam package has a /etc/security/limits.d/90-nproc.conf file that has:
> # Default limit for number of user's processes to prevent
> # accidental fork bombs.
> # See rhbz #432903 for reasoning.
> 
> *        soft    nproc    1024
> 
> As the last comment on the bug says, it's a bit confusing that it's in limits.d/ and not the limits.conf file itself, and in fact I'm not sure what is responsible for processing limits.d/* as limits.conf says nothing about it (Fedora's is the exact same as ours).  Anyway, one way or another it would be nice to have this limit set by default on Mageia, IMHO.  WDYT?

I added this exactly as Fedora has in pam-1.1.6-4.mga3.  Let me know if it causes problems or doesn't work.
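
An added example, not part of the original message or of the pam package: pam_limits reads /etc/security/limits.conf and then /etc/security/limits.d/*.conf in C-locale order, and this simplified Python model of that lookup shows which entry decides a user's soft nproc limit once 90-nproc.conf is installed. It handles only user, @group and * domains; 91-local.conf and the user and group names are hypothetical, and the file contents are constructed samples.

```python
# Constructed sample tree. 90-nproc.conf is the content quoted in the message;
# 91-local.conf and the names "builder", "devs", "alice", "carol" are hypothetical.
SAMPLE_FILES = {
    "/etc/security/limits.conf": "# stock file: every entry commented out\n",
    "/etc/security/limits.d/90-nproc.conf": (
        "# Default limit for number of user's processes to prevent\n"
        "# accidental fork bombs.\n"
        "*        soft    nproc    1024\n"
    ),
    "/etc/security/limits.d/91-local.conf": (
        "builder  soft  nproc  4096\n"
        "@devs    -     nproc  2048\n"
    ),
}

def parse(text):
    """Yield (domain, type, item, value) for each non-comment entry."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 4:
            yield tuple(fields)

def effective_soft_nproc(user, groups, files):
    """Return (value, source_path) of the soft nproc limit, or (None, None)."""
    # limits.conf is read first, then limits.d/*.conf in C-locale (byte) order.
    paths = [p for p in files
             if "/limits.d/" not in p or p.endswith(".conf")]
    paths.sort(key=lambda p: ("/limits.d/" in p, p))
    best, best_rank = (None, None), 3
    for path in paths:
        for domain, kind, item, value in parse(files[path]):
            if item != "nproc" or kind not in ("soft", "-"):
                continue
            if domain == user:
                rank = 0                      # explicit user entry wins
            elif user == "root":
                continue                      # group/wildcard entries skip root
            elif domain.startswith("@") and domain[1:] in groups:
                rank = 1
            elif domain == "*":
                rank = 2
            else:
                continue
            if rank <= best_rank:             # later entry of equal rank wins
                best, best_rank = (value, path), rank
    return best

if __name__ == "__main__":
    for user, groups in [("alice", []), ("carol", ["devs"]), ("builder", []), ("root", [])]:
        print(user, effective_soft_nproc(user, groups, SAMPLE_FILES))
```

On a live system the result can be compared with `ulimit -Su` in a fresh login session, since the limits are applied per login.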