Re: Fork bombing a Linux machine as a non-root user

From: David Curry (dsccable_at_comcast.net)
Date: 03/21/05

  • Next message: mikec: "modem" 
    Date: Sun, 20 Mar 2005 21:19:27 -0500
To: For users of Fedora Core releases <fedora-list@redhat.com>

    William Hooper wrote:

    >David Curry said:
    >
    >
    >>The thing about hackers, though, is that only they know what it is they
    >>want to do. A fork bomb may be a lesser risk than something else, but
    >>it is nevertheless a risk that many newcomers to linux are unaware of.
    >>
    >>
    >
    >At the point that a malicious person can run any arbitrary process on your
    >machine you no long have control over it, regardless if they are able to
    >fork bomb the machine or not.
    >
    >
    >
    Perhaps, and perhaps not. I can envision a scenario in which a hacker
    reaches user space and authorities, but has not penetrated the user/root
    divide.

    >Basing an argument on what someone can do after you have been hacked
    >doesn't make sense. Should we take away wget because after you have been
    >hacked someone can use it to download more evil code? Or bash, because
    >the hacker can make scripts?
    >
    >
    >
    See above comment.

    >>A better practice would be to set installatioin defaults at levels that
    >>will clearly support installation of the OS, make those default
    >>installation values known to the ops, and expect ops to address the
    >>resource allocation issue at time of installation.
    >>
    >>
    >
    >Which leads to a bunch of people complaining about the defaults having to
    >be changed. You yourself commented in another thread about having to
    >change the defaults for sound settings was an "irritating PITA".
    >
    >
    >

    Two points. First, your logic clearly implies that a system op
    installing with historic default settings for user resource permissions
    usually does not lift a finger. Just installs and goes. THAT is a
    silly argument for someone to make after citing Dave Jones' earlier
    remarks which made the point that OS distributors are not in a position
    to use default settings suitable for all ops on all systems. And, the
    argument implies that either all system ops can disregard the risk of
    fork bombing regardless of how their systems or used or that the system
    ops have no idea of what the default settings are and the risks those
    settings expose them to. Second, sound card default settings and user
    resource limits are not analogous. System resource allocations apply to
    all systems whereas sound card default settings apply to only those
    systems with sound chips/cards installed. It seems to me that if
    someone has CHOSEN a system with sound capabilities then it is rational
    to presume that the system op expects/wants sound. Past Fedora releases
    have compelled every op with sound hardware to change the default
    settings while the issue simply does not arise for system ops without
    sound hardware. That is, 100% of ops with sound hardware must take
    explicit action to override the default settings.

    >>>To use your car analogy, would you expect to buy a car and have it's
    >>>speed limited to 35 MPH, because that is the speed limit on the street
    >>>you bought it?
    >>>
    >>>
    >>>
    >>I expect a car to run at idling speed in neutral gear until I as an op
    >>decide to use more of the resource available. At which time, as an op I
    >>allocate more resources by putting the vehicle into gear and provide more
    >>fuel to accelerate.
    >>
    >>
    >
    >Unfortunately, what would happen in the real world would be a bunch of
    >posts to this list along the lines of "how do I get my car to move" and
    >"well, I never had to do that with my Microsoft car, these Linux cars
    >suck". And the the associated CARnews articles about how the Fedora car
    >is horrible because you have to put it in gear instead of just going.
    >
    >
    Yes, as you point out there would be some people who would make
    derogatory comparative statements asserting that Windows was better.
    Some of the people making such comments would be the personalities that
    try to wing everything and skip reading anything ahead of time. The
    others would be Windows enthusiats looking for any opportunity to slam
    linux regardless of the absence of any supporting factual foundation.
    The reality is that there are differences of opinion and preferences in
    the world and any approach, no matter how sensible and reasoned will
    elicit complaints from some. I am of the opinion that conspicuous
    disclosure of default installation resource allocations is ample
    warning and defense against the hew and cry you forecast.

    >You can't have it both ways.
    >
    Is it me that is seeking to have it both ways? I don't think so. See
    my earlier remarks.

    >If people have enough knowledge to change an
    >arbitrarily low limit, they also have enough knowledge to adjust a higher
    >limit (assuming they need it in their particular situation). Again, to
    >quote Dave Jones: "...it solves one problem and brings a lot of new ones."
    >
    >
    >
    See points made in second insert above.

    >--
    >William Hooper
    >
    >
    >
    Cheers ! :-) 

    -- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
  • Next message: mikec: "modem"