On 2012/6/5 Stéphane Gaudreault <[email protected]> wrote: > Le 2012-06-05 08:32, Daniel Isenmann a écrit : >> Am 05.06.2012 14:26, schrieb Dave Reisner: >>> On Tue, Jun 05, 2012 at 02:23:34PM +0200, Tobias Powalowski wrote: >>>> >>>> -------- Original-Nachricht -------- >>>> Betreff: limits.conf and fork bombing >>>> Datum: Tue, 5 Jun 2012 13:15:26 +0200 >>>> Von: M0Rf30<[email protected]> >>>> >>>> Could you insert a string into /etc/security/limits.conf to prevent a >>>> fork bombing attack? >>>> An example: >>>> * hard nproc 300 >>>> Thanks >>>> Best Regards >>>> Gianluca Boiano >>>> >>> Yeah, we've seen this before... >>> >>> https://bugs.archlinux.org/task/25690 >>> >>> d >>> >> Isn't this a task for the administrator of the computer? I don't see a >> reason, why we should add one for default in one of our packages. >> >> Daniel > +1 To do nothing. This is definitely an admin task. >
I agree. 300 is a ridiculously low limit and here my shell has a default limit of 24070 processes without me doing anything. Rémy.
