jailkit-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] Prevent Fork Bombs on Jailed Python Interpreter

From: Gregory Piñero
Subject: Re: [Jailkit-users] Prevent Fork Bombs on Jailed Python Interpreter
Date: Thu, 25 Oct 2007 16:56:32 -0400 
On 10/25/07, Olivier Sessink <address@hidden> wrote:
> Gregory Piñero wrote:
> > I've set up a jailed Python interpreter.  Now I'm wondering how to
> > prevent someone from running:
> >
> > while 1:
> >     os.fork()
> >
> > and freezing up my system.  (A so called fork bomb.)  Do you guys have
> > any advice?
>
> the standard thing that works against fork bombs: limit the number of
> processes.
>

Thanks, that sounds like it would work.  Any advice on how to do that on Linux?


> But you're never going to stop somebody who can install their own
> executables who wants to bring your server to a grinding halt. There are
> much heavier attacks than fork bombs.
>
> For example fork bombs that also use a lot of memory and open a lot of
> file descriptors. These are much heaver for your system per process, so
> a small number of processes can stop your system from functioning.
>
> So if you expect your users to do these kind of things, you'll have to
> prevent user executables: mount both /tmp and /home (in the jail) with
> noexec (these should be the only places where users have write access)
>

I'm not expecting any of that.  Should be ok.

-Greg
reply via email to
[Prev in Thread] Current Thread [Next in Thread]