http://home.tiscali.cz:8080/~cz210552/forkbomb.html
software that can be used to test your system. 2005/9/24, Arvind Autar <[EMAIL PROTECTED]>: > Hello, > > Selinux is perhaps not there yet, but debian could give it a hand No > third party hand if I may say so. > > However, how much of the time is it the software devolpers mistake > rather then SELinux's mistake? > > Another different question, how does debian handle fork bomb > protection? Is this kernel related? > > >cat /etc/security/limits.conf > > @dev hard core 100000 > @dev soft nproc 20 > @dev hard nproc 35 > @dev - maxlogins 10 > > If the user is added to the group "dev" then it will prevent atacks > like: perl -e "fork while fork" > http://en.wikipedia.org/wiki/Fork_bomb > > however, atacks like: in c: main(){while(1){fork();}}; in bash: while > : ; do tail /dev/urandom & done ; wait > do seem to work. There is a lack of documentation about this issue on > the debian.org documentation references. Maybe someone could clear > this up. A protection against these things would be nice, just like in > the old days when there was a default setting in the host tcp/ip > wrapper. > > Cheers, > > Arvind > > (Could you please be so kind and CC me, I'm not subscribed ) > > > 2005/9/21, Mike McCarty <[EMAIL PROTECTED]>: > > Arvind Autar wrote: > > > Helllo, > > > > > > I have been using debian for quite some time now, how ever I have > > > watched several distrobutions implentating so many great ideas, and I > > > have been wondering why such a robust distorbution as debian > > > GNU/Linux(*) hasn't done this. One of them is: > > > > > > SELinux > > > > > > If SELinux is also suitable for desktop users for example if we look > > > at the targeted policy (for fedora and RHEL) it > > > shows that it doesn't restrict users sessions. Short conclusion, there > > > is no loss of functionality, why hasn't debian implented SELinux as > > > default? > > > > Over in the Fedora lists, quite a number of the defects are related > > to SELinux. I've noticed that enabling SELinux took away quite a bit > > of functionality, not by design, but by defect. > > > > If it gets added to Debian, I suggest that it be shipped disabled. > > > > Frankly, unless one is running an Apache server or the like, I see > > no usefulness in it. And even if one runs a server like Apache, > > who is to say that SELinux doesn't add as many exploitable defects > > as holes it plugs, if not more? > > > > Mike > > -- > > p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);} > > This message made from 100% recycled bits. > > You have found the bank of Larn. > > I can explain it for you, but I can't understand it for you. > > I speak only for myself, and I am unanimous in that! > > >
