[KLUG Members] Fork Bomb in linux

[Bruce Smith]

You realize that an attacker would have to break into your machine in
order to fork bomb your computer, right?  If that happens, you have more
to worry about than someone doing a DoS on the box.

 - BS


> It appearers that most out of the box Linux systems are vulnerable to
> this attack.  Here is the post from SUSE's security list.
> 
> -----------------------------------------------------------------------
> From: Jim Flanagan <linuxjim at jjfiii.com>
> To: suse-security at suse.com
> Subject: [suse-security] Linux and forkbomb - with link
> Date: Fri, 18 Mar 2005 12:47:51 -0600 (CST)
> Sorry, my earlier post did not include the link to the story at
> securityfocus.com
> 
> Are any of the currently supported Suse versions susceptible to this
> forkbomb attack? I'm not very sure what it is, but I'm sure many of you
> are. I'm running suse 8.2 pro and 9.1 pro.
> 
> http://www.securityfocus.com/columnists/308?ref=rssdebia
> -----------------------------------------------------------------------
> SUSE's reply was to install ulimit.  However the defaults are the same
> as if it were not installed with no suggestion of appropriate limits.
> Would anyone have any suggestions as to appropriate limits for the
> following system types.
> Workstation
> Web Server
> File Server
> Print Server