On Tue, 2002-02-05 at 01:27, Yura Gusev wrote: > On 4 Feb 2002, Bryan Paxton wrote: > > > As for the fork() bomb, well... A good system out of the box (or > > configured) shouldn't allow more than X amount of procs (40 is a good > > number, or 150 for SMP and higher). > > echo "* nproc 40" > /etc/security/limits.conf > > (or whatever number you prefer to limit your lusers to) > > > > Of course, this can be taken further with security patches (grsecurity, > > LIDS, etc...) > > > > Assuming is a bad idea ; ) > > Well can Mandrake add it to msec level >=3? >
It should, and this one of the things I'm pushing for, a new model policy for msec... Never give the user the option to make their system less secure, only more. Voice yourself if you feel this policy is the way msec should go. -- Bryan Paxton Public PGP key: http://www.deadhorse.net/bpaxton.gpg "What laughter, why joy, when constantly aflame? Enveloped in darkness, don't you look for a lamp?" Dhp. 163
