
pjlv at mega
Mar 20, 2005, 6:14 PM
Post #12 of 13
Re: protecting against forkbombs (and similar problems)
Markus Dittrich wrote:
| On Sat, 19 Mar 2005 11:15:06 +0000, Rui Covelo <rpfc [at] mega> wrote:
|
|>Hi!
|>
|>Inspired by this article (http://www.securityfocus.com/bid/12298) at
|>security focus, I was wondering what can be done to protect our gentoo
|>machine against forkbombs or similar problems.
|>
|>What is the best way to protect our system against this?
|>
|>Do you think this kind of problems are important when we're talking about
|>our desktop box or only in big system with many users?
|>
|>BTW, I tried a fork bomb on my gentoo desktop box. Couldn't even log in
|>as root to stop it. :\
|>
|>--
|
|
| Hi Rui,
|
| To protect against this kind of attack you should put the appropriate limits
| into /etc/security/limits.conf. E.g.
|
| * soft nproc 100
| * hard nproc 150
|
| will prevent the spawning of more than 150 processes per user and thereby
| limit the impact of forkbomb attacks. Personally, I think it would be a good
| idea to have some sane default values in this file. If somebody really needs
| more processes, open files, etc. they can always up them.

but who (what process(es)) looks into those files? init? login? pam
plugins? the kernel (hardly, I guess)? where are the hooks to implement
such limits?

regards,
pedro venda.

--
Pedro João Lopes Venda
email: pjlv < at > mega.ist.utl.pt
http://arrakis.dhis.org

--
gentoo-security [at] gentoo mailing list
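
On the question of where such limits are applied: the pam_limits session module reads /etc/security/limits.conf at login and applies each value with setrlimit(), after which the kernel refuses fork() once the user's process count reaches the nproc limit. The Python sketch below is an added example, not part of the original thread or of pam_limits itself; it models the module's documented precedence in simplified form (user over @group over *, with group and wildcard rules skipped for root), and the function names and the @devs and alice rows are constructed for illustration.

```python
# Added example: simplified model of how pam_limits resolves nproc entries.
# SAMPLE_LIMITS_CONF is constructed; only the two "*" rules come from the post.
SAMPLE_LIMITS_CONF = """\
# <domain> <type> <item> <value>
*        soft  nproc  100
*        hard  nproc  150
@devs    hard  nproc  400
alice    -     nproc  50
"""

UNLIMITED = float("inf")


def match_rank(domain, user, groups):
    """Specificity of a matching domain (0 = user, 1 = group, 2 = wildcard)."""
    if domain == user:
        return 0
    if user == "root":
        return None  # group and wildcard entries are not applied to root
    if domain.startswith("@") and domain[1:] in groups:
        return 1
    return 2 if domain == "*" else None


def effective_nproc(conf_text, user, groups=()):
    """Resolve soft/hard nproc for one user; None means no rule matched."""
    value = {"soft": None, "hard": None}
    source = {"soft": 3, "hard": 3}
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) != 4 or fields[2] != "nproc":
            continue
        domain, ltype, _, text = fields
        rank = match_rank(domain, user, groups)
        if rank is None:
            continue
        limit = UNLIMITED if text in ("unlimited", "infinity", "-1") else int(text)
        # "-" sets both soft and hard; a more specific earlier rule is kept.
        for kind in (("soft", "hard") if ltype == "-" else (ltype,)):
            if kind in value and rank <= source[kind]:
                value[kind], source[kind] = limit, rank
    return value


def audit(conf_text, user, groups=()):
    """Report whether the account has a finite hard cap on process count."""
    hard = effective_nproc(conf_text, user, groups)["hard"]
    return "ok" if hard not in (None, UNLIMITED) else "no hard nproc cap"
```

With the two wildcard rules alone, root resolves to no cap, so processes started as root are only bounded if a literal root entry is added.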