Re: [arch-dev-public] Fwd: limits.conf and fork bombing
On 2012/6/5 Stéphane Gaudreault wrote: > Le 2012-06-05 08:32, Daniel Isenmann a écrit : >> Am 05.06.2012 14:26, schrieb Dave Reisner: >>> On Tue, Jun 05, 2012 at 02:23:34PM +0200, Tobias Powalowski wrote: Original-Nachricht Betreff: limits.conf and fork bombing Datum: Tue, 5 Jun 2012 13:15:26 +0200 Von: M0Rf30 Could you insert a string into /etc/security/limits.conf to prevent a fork bombing attack? An example: * hard nproc 300 Thanks Best Regards Gianluca Boiano >>> Yeah, we've seen this before... >>> >>> https://bugs.archlinux.org/task/25690 >>> >>> d >>> >> Isn't this a task for the administrator of the computer? I don't see a >> reason, why we should add one for default in one of our packages. >> >> Daniel > +1 To do nothing. This is definitely an admin task. > I agree. 300 is a ridiculously low limit and here my shell has a default limit of 24070 processes without me doing anything. Rémy.
Re: [arch-dev-public] Fwd: limits.conf and fork bombing
Le 2012-06-05 08:32, Daniel Isenmann a écrit : > Am 05.06.2012 14:26, schrieb Dave Reisner: >> On Tue, Jun 05, 2012 at 02:23:34PM +0200, Tobias Powalowski wrote: >>> >>> Original-Nachricht >>> Betreff: limits.conf and fork bombing >>> Datum: Tue, 5 Jun 2012 13:15:26 +0200 >>> Von: M0Rf30 >>> An: tp...@archlinux.org >>> >>> >>> >>> Could you insert a string into /etc/security/limits.conf to prevent a >>> fork bombing attack? >>> An example: >>> *hardnproc 300 >>> Thanks >>> Best Regards >>> Gianluca Boiano >>> >> Yeah, we've seen this before... >> >> https://bugs.archlinux.org/task/25690 >> >> d >> > Isn't this a task for the administrator of the computer? I don't see a > reason, why we should add one for default in one of our packages. > > Daniel +1 To do nothing. This is definitely an admin task. signature.asc Description: OpenPGP digital signature
Re: [arch-dev-public] Time to go
Am 05.06.2012 14:31, schrieb Paul Mattal: > All, > > I've been inactive as a developer for a long time now, and I think > it's time for me to go. > > It's been an exciting ride with you all. I came on to help launch the > AUR in 2005, and we changed the Arch world forever. > > I encourage the new folks to think boldly and put your efforts and > persistence into making the world better, one incremental improvement > at a time-- and remember to have fun along the way! > > Best, > Paul > > P.S. Dan, or anyone with uber access, can you take care of closing my > shell access and removing me from the dev mailing lists? > Bye Paul, I wish you and your family all the best. Always keep on having fun and don't forget the arch family. greetings tpowa -- Tobias Powalowski Archlinux Developer & Package Maintainer (tpowa) http://www.archlinux.org tp...@archlinux.org signature.asc Description: OpenPGP digital signature
Re: [arch-dev-public] Time to go
Thanks Paul, and good luck, personally and professionally. I owe you and hope to someday shake your hand. Dieter
Re: [arch-dev-public] Time to go
Am 05.06.2012 14:31, schrieb Paul Mattal: All, I've been inactive as a developer for a long time now, and I think it's time for me to go. It's been an exciting ride with you all. I came on to help launch the AUR in 2005, and we changed the Arch world forever. I encourage the new folks to think boldly and put your efforts and persistence into making the world better, one incremental improvement at a time-- and remember to have fun along the way! Best, Paul P.S. Dan, or anyone with uber access, can you take care of closing my shell access and removing me from the dev mailing lists? Thanks for all the work you have put into Arch Linux! Wish you all the best for your tasks after your time here. Daniel
Re: [arch-dev-public] Time to go
On Jun 5, 2012 2:36 PM, "Andrea Scarpino" wrote: > > On Tuesday 05 June 2012 08:31:41 Paul Mattal wrote: > > It's been an exciting ride with you all. I came on to help launch the > > AUR in 2005, and we changed the Arch world forever. > > > > I encourage the new folks to think boldly and put your efforts and > > persistence into making the world better, one incremental improvement at > > a time-- and remember to have fun along the way! > > A big thank you for your amazing work, Paul. > > And good luck for everything you want :) > > Best Regards > > -- > Andrea Bye Paul! We have never really had the occasion to work together but it is always a bit sad to hear someone leave. Anyway. Have fun. :) Guillaume
Re: [arch-dev-public] Time to go
On Tuesday 05 June 2012 08:31:41 Paul Mattal wrote: > It's been an exciting ride with you all. I came on to help launch the > AUR in 2005, and we changed the Arch world forever. > > I encourage the new folks to think boldly and put your efforts and > persistence into making the world better, one incremental improvement at > a time-- and remember to have fun along the way! A big thank you for your amazing work, Paul. And good luck for everything you want :) Best Regards -- Andrea
Re: [arch-dev-public] Fwd: limits.conf and fork bombing
On Tuesday 05 June 2012 14:32:37 Daniel Isenmann wrote: > Isn't this a task for the administrator of the computer? I don't see a > reason, why we should add one for default in one of our packages. I agree with Daniel (and with Gaetan's opinion). -1 -- Andrea
Re: [arch-dev-public] Fwd: limits.conf and fork bombing
Am 05.06.2012 14:26, schrieb Dave Reisner: On Tue, Jun 05, 2012 at 02:23:34PM +0200, Tobias Powalowski wrote: Original-Nachricht Betreff:limits.conf and fork bombing Datum: Tue, 5 Jun 2012 13:15:26 +0200 Von:M0Rf30 An: tp...@archlinux.org Could you insert a string into /etc/security/limits.conf to prevent a fork bombing attack? An example: *hardnproc 300 Thanks Best Regards Gianluca Boiano Yeah, we've seen this before... https://bugs.archlinux.org/task/25690 d Isn't this a task for the administrator of the computer? I don't see a reason, why we should add one for default in one of our packages. Daniel
[arch-dev-public] Time to go
All, I've been inactive as a developer for a long time now, and I think it's time for me to go. It's been an exciting ride with you all. I came on to help launch the AUR in 2005, and we changed the Arch world forever. I encourage the new folks to think boldly and put your efforts and persistence into making the world better, one incremental improvement at a time-- and remember to have fun along the way! Best, Paul P.S. Dan, or anyone with uber access, can you take care of closing my shell access and removing me from the dev mailing lists?
Re: [arch-dev-public] Fwd: limits.conf and fork bombing
On Tue, Jun 05, 2012 at 02:23:34PM +0200, Tobias Powalowski wrote: > > > Original-Nachricht > Betreff: limits.conf and fork bombing > Datum:Tue, 5 Jun 2012 13:15:26 +0200 > Von: M0Rf30 > An: tp...@archlinux.org > > > > Could you insert a string into /etc/security/limits.conf to prevent a > fork bombing attack? > An example: > *hardnproc 300 > Thanks > Best Regards > Gianluca Boiano > Yeah, we've seen this before... https://bugs.archlinux.org/task/25690 d
[arch-dev-public] Fwd: limits.conf and fork bombing
Original-Nachricht Betreff:limits.conf and fork bombing Datum: Tue, 5 Jun 2012 13:15:26 +0200 Von:M0Rf30 An: tp...@archlinux.org Could you insert a string into /etc/security/limits.conf to prevent a fork bombing attack? An example: *hardnproc 300 Thanks Best Regards Gianluca Boiano signature.asc Description: OpenPGP digital signature
[arch-dev-public] Signoff report for [testing]
=== Signoff report for [testing] === https://www.archlinux.org/packages/signoffs/ There are currently: * 14 new packages in last 24 hours * 0 known bad packages * 0 packages not accepting signoffs * 8 fully signed off packages * 24 packages missing signoffs * 6 packages older than 14 days (Note: the word 'package' as used here refers to packages as grouped by pkgbase, architecture, and repository; e.g., one PKGBUILD produces one package per architecture, even if it is a split package.) == New packages in [testing] in last 24 hours (14 total) == * filesystem-2012.6-1 (any) * dnsutils-9.9.1.P1-1 (i686) * krb5-1.10.2-1 (i686) * pam-1.1.5-4 (i686) * systemd-185-1 (i686) * dnsutils-9.9.1.P1-1 (x86_64) * krb5-1.10.2-1 (x86_64) * pam-1.1.5-4 (x86_64) * systemd-185-1 (x86_64) * bind-9.9.1.P1-1 (i686) * gnome-session-3.4.2-2 (i686) * bind-9.9.1.P1-1 (x86_64) * gnome-session-3.4.2-2 (x86_64) * pambase-20120602-1 (any) == Incomplete signoffs for [core] (9 total) == * dnsutils-9.9.1.P1-1 (i686) 0/2 signoffs * krb5-1.10.2-1 (i686) 1/2 signoffs * pam-1.1.5-4 (i686) 1/2 signoffs * pinentry-0.8.1-4 (i686) 1/2 signoffs * systemd-185-1 (i686) 0/2 signoffs * dnsutils-9.9.1.P1-1 (x86_64) 0/2 signoffs * krb5-1.10.2-1 (x86_64) 1/2 signoffs * pam-1.1.5-4 (x86_64) 0/2 signoffs * systemd-185-1 (x86_64) 0/2 signoffs == Incomplete signoffs for [extra] (13 total) == * bind-9.9.1.P1-1 (i686) 0/2 signoffs * fcpci-31107-75 (i686) 0/2 signoffs * fcpcmcia-31107-70 (i686) 0/2 signoffs * gc-7.2-1 (i686) 0/2 signoffs * gnome-session-3.4.2-2 (i686) 0/2 signoffs * lirc-1:0.9.0-18 (i686) 0/2 signoffs * nvidia-295.53-2 (i686) 0/2 signoffs * bind-9.9.1.P1-1 (x86_64) 0/2 signoffs * fcpci-31107-75 (x86_64) 0/2 signoffs * fcpcmcia-31107-70 (x86_64) 0/2 signoffs * gc-7.2-1 (x86_64) 0/2 signoffs * gnome-session-3.4.2-2 (x86_64) 0/2 signoffs * lirc-1:0.9.0-18 (x86_64) 0/2 signoffs == Incomplete signoffs for [unknown] (2 total) == * pambase-20120602-1 (any) 1/2 signoffs * libusbx-1.0.11-2 (i686) 1/2 signoffs == Completed signoffs (8 total) == * filesystem-2012.6-1 (any) * fakeroot-1.18.4-1 (i686) * linux-3.4-1 (i686) * fakeroot-1.18.4-1 (x86_64) * linux-3.4-1 (x86_64) * pinentry-0.8.1-4 (x86_64) * nvidia-295.53-2 (x86_64) * libusbx-1.0.11-2 (x86_64) == All packages in [testing] for more than 14 days (6 total) == * gc-7.2-1 (i686), since 2012-05-18 * gc-7.2-1 (x86_64), since 2012-05-18 * linux-3.4-1 (i686), since 2012-05-21 * nvidia-295.53-2 (i686), since 2012-05-21 * linux-3.4-1 (x86_64), since 2012-05-21 * nvidia-295.53-2 (x86_64), since 2012-05-21 == Top five in signoffs in last 24 hours == 1. stephane - 4 signoffs 2. foutrelis - 3 signoffs 3. allan - 2 signoffs
