Re: Fork bombing a Linux machine as a non-root user

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, 2005-03-20 at 14:01, Ben O'Steen wrote:

> How about a third way? The argument so far has been between those that 
> want some sort of default ulimit, and those who believe it is up the 
> sysadmin to set.
> 
> How about if ulimit settings (and perhaps others) were part of the 
> anaconda installer? Under/next to the SELinux tab wouldn't be too 
> jarring for most people, with a paragraph in the help file just to hint 
> at why/why not they should change this.
> 
> Or, as you already have them choosing the type of install (Personal 
> desktop/ workstation/ server, custom) base the default ulimit setting on 
> this, perhaps?

Yes, it could be exposed there, and the installer could even peek
at the CPU speed and available RAM to make some moderately
intelligent default choices.   However it will still surprise
people if they clone the system to other equipment (as I often
do) after the first install using either an image or file based
copy.

Keep in mind though, that this is really not a pressing issue.  The
potential has existed from the very first unix versions and it
has not been a big enough problem in practice for anyone to worry
about it.  It's one of those:
 patient:  Doctor it hurts when I do this...
 doctor:   Well don't do that.
kind of things.  If you manage a system with unpredictable users
(like in a school), you should already know that you need to tighten
things down.  Otherwise if you try to prevent people from doing
bad things you will also prevent them from doing good things.

-- 
  Les Mikesell
    les@xxxxxxxxxxxxxxxx



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux