Bug 206289
Summary: | Fedora is susceptible to forkbombs by a user. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Victor Bogado <bogado> |
Component: | kernel | Assignee: | Dave Jones <davej> |
Status: | CLOSED NOTABUG | QA Contact: | Brian Brock <bbrock> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 5 | CC: | pfrields, wtogami |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.securityfocus.com/columnists/308 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Last Closed: | 2006-09-14 06:21:13 UTC | Type: | --- |
Description
Victor Bogado
2006-09-13 14:39:41 UTC
man ulimit

Do you really feel that this should be a default and that this is not a BUG? What I mean is that in the default installation a user can halt a system, without any privileges, a situation that could be fixed by a simple switch on the defaults.

What is the use of having SELinux if you can simply forkbomb the machine????

Now follow me here, SELinux is installed so if a service is compromised the service will not be able to do damage on the system, correct? But httpd has to be able to fork, and as such one person that compromises a httpd server can bring the machine down with all other services with it.

I, in my humble opinion, think that this limit on the number of processes a user can have should have been set to a reasonable number in the kernel, ulimit is a bash feature and does not affect programs that are started by other means, or am I mistaken?
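
The per-user process limit discussed in this report is the kernel resource limit `RLIMIT_NPROC`, which the shell's `ulimit -u` sets through `setrlimit(2)`. The following is an added example, not part of the bug report: it sets the soft limit directly and shows that a forked child inherits it. The function name and the value 4096 are illustrative assumptions.

```c
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Set the soft RLIMIT_NPROC of this process to `wanted` (clamped to the hard
 * limit), fork, and return the soft limit the child reports. The value that
 * was actually applied is stored in *applied. Returns -1 on error. */
long nproc_seen_by_child(rlim_t wanted, rlim_t *applied)
{
    struct rlimit old, rl;
    int fds[2];
    long seen = -1;

    if (getrlimit(RLIMIT_NPROC, &old) != 0 || pipe(fds) != 0)
        return -1;
    rl = old;
    rl.rlim_cur = wanted > old.rlim_max ? old.rlim_max : wanted;
    if (setrlimit(RLIMIT_NPROC, &rl) == 0) {
        *applied = rl.rlim_cur;
        /* For an unprivileged user, fork() fails with EAGAIN once the
         * user already owns rlim_cur processes. */
        pid_t pid = fork();
        if (pid == 0) {
            struct rlimit mine;
            long v = getrlimit(RLIMIT_NPROC, &mine) == 0 ? (long)mine.rlim_cur : -1;
            _exit(write(fds[1], &v, sizeof v) == (ssize_t)sizeof v ? 0 : 1);
        }
        if (pid > 0) {
            if (read(fds[0], &seen, sizeof seen) != (ssize_t)sizeof seen)
                seen = -1;
            waitpid(pid, NULL, 0);
        }
        setrlimit(RLIMIT_NPROC, &old);   /* restore the previous soft limit */
    }
    close(fds[0]);
    close(fds[1]);
    return seen;
}

int main(void)
{
    rlim_t applied = 0;
    long seen = nproc_seen_by_child(4096, &applied);   /* 4096: sample value */
    printf("applied soft nproc=%lu, child sees %ld\n", (unsigned long)applied, seen);
    return seen == (long)applied ? 0 : 1;
}
```

The limit is also preserved across `execve(2)`, so it applies to whatever program the child goes on to run.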