Linux Kernel Security. forkbomb havoc

[Calum]

Yea, someone has to break into my system to forkbomb it in the first place, I don't think that will happen though.

this misses the point.

on a system with many users (say at a university) where you don't know or trust the users, you still need to be able to impose these sorts of restrictions effectively.

a lot of these security issues do not apply if you use linux on your home laptop or whatever, but *ix is supposed to be a fully functional multi-user networking environment.

[Kintaro]

Yea, well in that case they better set a good process limit.

[muzzy]

on a system with many users (say at a university) where you don't know or trust the users, you still need to be able to impose these sorts of restrictions effectively.

Just hoping for best seems to work in practice, at least in my university (cs.helsinki.fi)

nikki@melkki:~$ ulimit -a
core file size        (blocks, -c) 0
data seg size         (kbytes, -d) unlimited
file size             (blocks, -f) unlimited
max locked memory     (kbytes, -l) 32
max memory size       (kbytes, -m) unlimited
open files                    (-n) 1024
pipe size          (512 bytes, -p) 8
stack size            (kbytes, -s) 10240
cpu time             (seconds, -t) unlimited
max user processes            (-u) 32755
virtual memory        (kbytes, -v) unlimited

I'd also like to mention the network has 3 terabytes of diskspace without quotas. As long as everyone acts nice, things work fine

[Kintaro]

Holy fuck.

Im enrolling.

[muzzy]

Holy fuck.

Im enrolling.

I'd also like to mention the network connectivity is blazing fast, and they give access to hundreds of linux boxes all over the university network. (every computer in every classroom)

Yeah, and it's practically free, except they're currently thinking about making it more expensive for foreigners. I think I spend more to living expenses per month than the university makes me pay per year. It's absolutely fantastic

Someday I'll regain my motivation to do some studying too, I feel a little guilty for using the university account as a glorified website hosting service ;D

[Kintaro]

Holy shit, im going there or canada, thats for sure, here in australia University costs more then the average house.

[muzzy]

Yea, I hear education is expensive abroad. Here, it's damned cheap. Students get cheap housing too. Helsinki University of Technology (hut.fi) has a student village, for example, with 100M net throughout the place. As added bonus, the rent is cheaper than in the public sector. Sounds wonderful, huh?

Finland kicks ass

[Calum]

yeah, we have finland to thank for linux of course. it originates in helsinki.

[Kintaro]

We have thousands and thousands of people to thank for GNU/Linux/xorg/mozdev/and more and more, millions in fact if we include the people who brought them up.