fork() — Linux Kernel

Hey,

I read a document on securityfocus about fork bombinb a linux system.Although they didn't speak about the effectiveness of resource limits Iguess that should be discussed because it's possible to make a linuxmachine extremely slow (compared to FreeBSD for instance) even with wellconfigured resource limits.I revised kernel/fork.c and I found a way to prevent this problem byremoving all associated processes with the parent, but that's far fromportable and should not be used for the sake of compatibilities. I guessthe function fork() should be revised.And what about creating a 'maxprocs' sysctl var (even if left high) whenthe resource limits problem is fixed? It would help security when it isneeded and wouldn't bother other applications. RLIMITs on login are nottrustworthy. It should exist a global limit in case someone could spawna shell without limits through some flawed application.


Thanks, and please advise.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:
- Re: fork()
  - From: Triffid Hunter <[email protected]>

Prev by Date: Re: [OT] Re: How's the nforce4 support in Linux?
Next by Date: Re: 2.6.12-rc1-mm2
Previous by thread: [PATCH 2.6.12-rc1-mm2] update VR41xx RTC support
Next by thread: Re: fork()
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]