Hello,
> is this code just propagating itself to fill up buffers?
> I am trying to follow the thread but this part is unclear to me.
For what I recall, we where discussing if it was OK to put perl on
the firewall. Someone pointed out that with this line of perl:
> > firewall% perl -e 'while(1) { fork() }'
you could hand the system if the proper resource limits where not
set. I pointed out that you don't need perl to do that. This bash line:
> :(){:|:&};:
Would give you the same result. I was just trying to point out
that even bash is a very powerful tool to break down systems.
IMO, a firewall should only be a firewall. An specific machine
which only purpose is to filter traffic (level 3, 4 & App), maintained by
a small closed group of people.
No perl, no gcc, no nothing. Not even cron or atd if you haven't
had any program that needs it. No SUIDs, no users, absolutely nothing.
Also, no NT/2k too. :)
-- p.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
