Re: Security - how to notice compromises.

[Al Hudson <nospam [at] york.ac.uk>]

On Fri, 25 Feb 2000, Richard Stevenson wrote:

> > I just *know* someone's going to try it. It shouldn't damage your system,
> > it's just well annoying. Prize to anyone whose system stands up for more
> > than a second or two!
> 
> <cough> per-user resource limits... man sh|bash|tcsh|ksh

Heh, true, but it's not really the number of processes that does the
damage so much as the rate at which they're created.. I've never heard of
anyone trying to renice a fork bomb either!! Plus, I'm not sure which
resources you'd limit to knock a bomb out - kernel time? context
switching? Plus, you've not got rid of the bomb, only contained it, which
is esp. annoying if the user wasn't the one who ran the program (i.e., it
was  a trojan, or something). Sure, the server's still up, but the user's
buggered ;)

Cheers,

Alex.


---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.