On Wed, 2005-03-23 at 14:45 +0100, Erik Mouw wrote: > On Wed, Mar 23, 2005 at 01:37:38PM +0100, Natanael Copa wrote: > > On Wed, 2005-03-23 at 19:56 +0900, aq wrote: > > > > /etc/limits does a better job at stopping forkbombs. > > > > but does not limit processes that are started from the boot scripts. So > > if a buggy non-root service is exploited, an attacker would be able to > > easily shut down the system. > > That's easy to fix: set limits from initrd or initramfs.
..or run "ulimit -u" early in the boot scripts. What I suggest is doing the reverse. Let the kernel be restrictive by default and let distro's or sysadmins open up if they need more processes. -- Natanael Copa - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
