On Fri, Mar 18, 2005 at 01:08:31PM -0500, M.Rudra wrote:
> When my Windows system crashed recently, a patient of mine introduced
> me to Linux as a secure OS but today I read an article on fork bombing
> a Linux system.
>
> http://www.securityfocus.com/columnists/308?ref=rssdebia
>
> As a non-geek user I am concerned as I thought Linux is very secure.
> So I googled "fork bombing" and after reading them, I have some doubts:
>
> 1] Is this applicable to newer version of FC3/4 or will this affect
> older stable versions too.

This is an old old old (20+ years) issue. It affects all versions of
BSD/UNIX/Linux, even SCOrch. It is the responsibility of the local
sysadmin to set the per-user resource limits to the level appropriate
for local needs.

To fix this in all versions of BSD/UNIX/Linux, even SCOrch:

Put "ulimit -u <N>" in one of the system-wide startup scripts. This
will limit each user to a maximum of "N" processes.

Make N large enough for each user to run X-windows plus their
applications. 100 will do it for almost everyone. It's pretty big
without being big enough to let a script run away with the system.
Adjust to fit, YMMV.

> 2] The article mentions Debian survived among others but some of the
> Linux distributions are vulnerable to fork bombing. Is FC a part of
> the latter?

Affects ALL *NIX

> 3] If a non-root 'user' can bring down the system, then can a person
> without login facility bring down the system too if the machine is
> connected to the Internet?

Not this way.

> 4] What precautions must one take for [a] general PC [b] servers. Do
> they differ?

See soln. above

> 5] Does one have to download a patch for the kernel?

No, see soln. above.

> If we install an
> older stable version of the distro will the system be safe from such
> an attack?

No, see soln. above.

--
"The only system which is truly secure, is one which is switched off
and unplugged, locked in a titanium lined safe, buried in a concrete
bunker, surrounded by nerve gas and very highly paid armed guards.
Even then, I wouldn't stake my life on it" - Gene Spafford
(Good thing. The law of unintended consequences: a laptop, w/wireless
NIC and wake on "date" set in the BIOS)

http://kinz.org
http://www.fedoranews.org
Jeff Kinz, Emergent Research, Hudson, MA.
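
Added example (not part of the original message and not written by its author): a small Python audit for the fix described above, checking that a system-wide startup script really sets "ulimit -u" and that the setting holds. The sample script text is constructed, the threshold of 100 is the figure suggested in the message, and the check assumes sh/bash syntax, where "ulimit -u N" without -S or -H sets both the soft and the hard limit.

```python
import shlex

# Constructed sample of a system-wide startup script (not from a real host).
SAMPLE_PROFILE = """\
# /etc/profile style fragment
umask 022
ulimit -S -u 100      # soft limit only
ulimit -u 100
ulimit -u 4096; export PATH
ulimit -u unlimited
"""

def _commands(line):
    """Split one sh/bash line into simple commands (lists of words)."""
    lex = shlex.shlex(line, posix=True, punctuation_chars=True)
    lex.whitespace_split = True          # '#' comments are dropped by shlex
    cmds, cur = [], []
    try:
        for tok in lex:
            if tok and set(tok) <= set("();<>|&"):   # ';', '&&', '|' end a command
                cmds.append(cur)
                cur = []
            else:
                cur.append(tok)
    except ValueError:                   # unbalanced quote: keep what parsed
        pass
    return cmds + [cur]

def _judge(flags, value, max_ok):
    if value is None:
        return "query only: sets nothing"
    if value == "unlimited":
        return "no cap"
    if not value.isdigit():
        return "unparsed value"          # e.g. built from a shell variable
    if "S" in flags and "H" not in flags:
        return "soft only: user can raise it"
    return "ok" if int(value) <= max_ok else "cap above max_ok"

def audit_nproc(script_text, max_ok=100):
    """Return (line_no, value, finding) for each 'ulimit -u' in the script."""
    findings = []
    for no, line in enumerate(script_text.splitlines(), 1):
        for words in _commands(line):
            if not words or words[0] != "ulimit":
                continue
            flags = "".join(w[1:] for w in words[1:] if w.startswith("-"))
            if "u" in flags:
                value = next((w for w in words[1:] if not w.startswith("-")), None)
                findings.append((no, value, _judge(flags, value, max_ok)))
    return findings or [(0, None, "missing: no 'ulimit -u' found")]
```

A soft-only setting is flagged because a user can raise a soft limit back up to the hard limit from their own shell, so it does not contain a runaway script.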