-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 (राज माथुर) writes: > On Wednesday 08 Jun 2011, Ankit Chaturvedi wrote: >> > Is there a way we can tweak the ulimit - user limit for all users. >> > http://www.linuxforums.org/forum/security/90836-user-limits-linux.h >> > tml - wasn't so helpful. >> >> Try 'setrlimit' to set RLIMIT_NPROC to some agreeable value. NPROC is >> the number of processes a user can create. Limiting them will >> atleast leave you with enough resources to start a shell and kill >> the offending process (bash in this case). >> ulimit will not work if you don't have pam_limits module for your >> kernel (it's not built by default). Try loading pam_limits module >> manuallly and see if the limits in /etc/security/limits.conf are >> honored then. >> >> There is no definite solution to preventing a fork_bomb as such, but >> patches like this http://grsecurity.net/ may help you finding which >> user started the fork bomb, though it might be an overkill for >> single user systems.
> So will any of these solutions work when the user is logged in as root? > In general, how are you going to prevent root from destroying your > system? % getent passwd root root:x:65535:65535:root:/root:/bin/sh Or, maybe SELinux :) - -- Ashish SHUKLA “UNIX is user-friendly, it just chooses its friends.” (Andreas Bogk) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (FreeBSD) iQIcBAEBCgAGBQJN7yWzAAoJEMdGz6nnT6Sw1K4P/jdPtb2Gp9QspdEY85lQCGpS yX+6V/tZnwNb/hb/FOWdeX0KDOrFh1FZl2Np21CkMlI/yWgRDpXQ6rgwo+CRWlLu u+O8j7E65LUs3/wtRRdw7kfU+OtagcfUXmUKbWU+yhnMIaFlvaVKRVOBTOj8H5q5 cnoOkyc27PAjC2WBAHlf7RMAZ9bEhpXufr100ZsFbpVuiHnAtG3xOE5Fc4BOPPQu ZQkwoEWk1Gb9RM8KeBPI8tfaC4StDtVEuxoKKPDbD92Rq7rd/Ce6VszfO1AOj3vh Aw9/gUAAoyYn0LUvApABLM4hLVYpsBQInBvMKrgoySha2Oj6vHR7HytUvxNoFx/4 ZA4xkZvgeUkDsCG2lbamWuzQMasxGm9lvFIokAOqDFyXZSRvb1AtnTYDkvzAhp8s P3G6kib9YyFNRbboG7hyrugZNMHJrRXK4DC2O4m48hhKjxrub6gAsnlBa50zufpv EZi82izHKwHQyQUIH/zxda8aQFbfg/pONzQb/rXfIuADqyW7j8uB9iM0sVvNUWEn XaY/AWPs0jrnMP2uL90FIjl+W6A8cIqmgrlur4NQN3Nf3l2vdSFTnuclvkCyvXST sjjt2V21j9hFCK3R+WLBVFnl7TcqGJMHZXKEpogEv38WzS9a2sUKlqZBaonbsdu+ KupDTWphaygPtFgSOn2M =FwOs -----END PGP SIGNATURE----- _______________________________________________ Ilugd mailing list Ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd
