Hi all,
An old article caught my eye - http://www.securityfocus.com/columnists/308
It talks about the way linux systems react to a fork bomb and surprisingly it is by freezing stiff.
Sadly most distros seem to freeze as the limits are meant to maximize performance and not make it secure, even Ubuntu.
Can someone shed light on what knobs/limits to tweak to deal with this "problem" ?
regards, C
Sometime on Monday 09 April 2007 12:17, Chetan S said:
Sadly most distros seem to freeze as the limits are meant to maximize performance and not make it secure, even Ubuntu.
Can someone shed light on what knobs/limits to tweak to deal with this "problem" ?
Add this to your /etc/security/limits.conf * hard nproc 2048
Which controls how many processes a user can create. Atleast the ubuntu box stays alive and lets admin login and kill offending processes.
Anurag
On 4/9/07, Anurag anurag@gnuer.org wrote:
Sometime on Monday 09 April 2007 12:17, Chetan S said:
Sadly most distros seem to freeze as the limits are meant to maximize performance and not make it secure, even Ubuntu.
Can someone shed light on what knobs/limits to tweak to deal with this "problem" ?
Add this to your /etc/security/limits.conf
hard nproc 2048
Why 2048 and not 4096 ? The question being... is there some formula to get such a number ?
I understand there are too many factors to consider but am looking for some dynamic solution that allows enough "free memory" to restore sanity.
regards, C
Sometime on Monday 09 April 2007 14:25, Chetan S said:
Why 2048 and not 4096 ? The question being... is there some formula to get such a number ?
Because i dont think i am going to run an app which spawns more than 2048 processes ;-)
I understand there are too many factors to consider but am looking for some dynamic solution that allows enough "free memory" to restore sanity.
I do not know of one. I guess the number cant be dynamic. The admin needs to arrive at the figure by considering ram and cpu resources. One can also finetune the limits by setting `soft' and `hard' limits also.
Anurag
-
Anurag -
Chetan S