Guillaume Cottenceau <[EMAIL PROTECTED]> writes: > Yura Gusev <[EMAIL PROTECTED]> writes: > > > On 4 Feb 2002, Bryan Paxton wrote: > > > > > As for the fork() bomb, well... A good system out of the box (or > > > configured) shouldn't allow more than X amount of procs (40 is a good > > > number, or 150 for SMP and higher). > > > echo "* nproc 40" > /etc/security/limits.conf > > > (or whatever number you prefer to limit your lusers to) > > > > > > Of course, this can be taken further with security patches (grsecurity, > > > LIDS, etc...) > > > > > > Assuming is a bad idea ; ) > > > > Well can Mandrake add it to msec level >=3? > > Maybe... > > Florin, fredl, what do you think ?
In fact we haven't added this to msec because it breaks servers iirc. And now we have grsecurity patches in the kernel-secure which takes car of fork bombs... -- Fred - May the source be with you
