Re: Fork bombing a Linux machine as a non-root user

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



William Hooper wrote:

David Curry said:


The thing about hackers, though, is that only they know what it is they
want to do. A fork bomb may be a lesser risk than something else, but
it is nevertheless a risk that many newcomers to linux are unaware of.



At the point that a malicious person can run any arbitrary process on your machine you no long have control over it, regardless if they are able to fork bomb the machine or not.



Perhaps, and perhaps not. I can envision a scenario in which a hacker reaches user space and authorities, but has not penetrated the user/root divide.

Basing an argument on what someone can do after you have been hacked
doesn't make sense.  Should we take away wget because after you have been
hacked someone can use it to download more evil code?  Or bash, because
the hacker can make scripts?



See above comment.

A better practice would be to set installatioin defaults at levels that
will clearly support installation of the OS, make those default
installation values known to the ops, and expect ops to address the
resource allocation issue at time of installation.



Which leads to a bunch of people complaining about the defaults having to be changed. You yourself commented in another thread about having to change the defaults for sound settings was an "irritating PITA".




Two points. First, your logic clearly implies that a system op installing with historic default settings for user resource permissions usually does not lift a finger. Just installs and goes. THAT is a silly argument for someone to make after citing Dave Jones' earlier remarks which made the point that OS distributors are not in a position to use default settings suitable for all ops on all systems. And, the argument implies that either all system ops can disregard the risk of fork bombing regardless of how their systems or used or that the system ops have no idea of what the default settings are and the risks those settings expose them to. Second, sound card default settings and user resource limits are not analogous. System resource allocations apply to all systems whereas sound card default settings apply to only those systems with sound chips/cards installed. It seems to me that if someone has CHOSEN a system with sound capabilities then it is rational to presume that the system op expects/wants sound. Past Fedora releases have compelled every op with sound hardware to change the default settings while the issue simply does not arise for system ops without sound hardware. That is, 100% of ops with sound hardware must take explicit action to override the default settings.


To use your car analogy, would you expect to buy a car and have it's
speed limited to 35 MPH, because that is the speed limit on the street
you bought it?



I expect a car to run at idling speed in neutral gear until I as an op
decide to use more of the resource available. At which time, as an op I
allocate more resources by putting the vehicle into gear and provide more
fuel to accelerate.



Unfortunately, what would happen in the real world would be a bunch of
posts to this list along the lines of "how do I get my car to move" and
"well, I never had to do that with my Microsoft car, these Linux cars
suck". And the the associated CARnews articles about how the Fedora car
is horrible because you have to put it in gear instead of just going.


Yes, as you point out there would be some people who would make derogatory comparative statements asserting that Windows was better. Some of the people making such comments would be the personalities that try to wing everything and skip reading anything ahead of time. The others would be Windows enthusiats looking for any opportunity to slam linux regardless of the absence of any supporting factual foundation. The reality is that there are differences of opinion and preferences in the world and any approach, no matter how sensible and reasoned will elicit complaints from some. I am of the opinion that conspicuous disclosure of default installation resource allocations is ample warning and defense against the hew and cry you forecast.

You can't have it both ways.

Is it me that is seeking to have it both ways? I don't think so. See my earlier remarks.

If people have enough knowledge to change an
arbitrarily low limit, they also have enough knowledge to adjust a higher
limit (assuming they need it in their particular situation).  Again, to
quote Dave Jones: "...it solves one problem and brings a lot of new ones."



See points made in second insert above.

--
William Hooper



Cheers !  :-)


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux