如何缓解 bash 中的 forkbomb?
How to mitigate a forkbomb in bash?
Fork 炸弹 :(){ :|:& };:,bash 产生 DoS(拒绝服务)并导致系统崩溃的函数。
我们如何缓解这种情况?
一种方法是通过/etc/security/limits.conf
限制每个用户的进程
还有什么吗?
如 How to prevent fork bomb? 中所述,编辑 ulimit 和 sysctl 是可行的方法。
但是,对于 root 这不起作用:
The superuser or any process with the CAP_SYS_ADMIN or
CAP_SYS_RESOURCE capabilities are not affected by that limitation,
that's not something that can be changed. root can always fork
processes.
If some software is not trusted, it should not run as root anyway.
Fork 炸弹 :(){ :|:& };:,bash 产生 DoS(拒绝服务)并导致系统崩溃的函数。
我们如何缓解这种情况?
一种方法是通过/etc/security/limits.conf
还有什么吗?
如 How to prevent fork bomb? 中所述,编辑 ulimit 和 sysctl 是可行的方法。
但是,对于 root 这不起作用:
The superuser or any process with the CAP_SYS_ADMIN or CAP_SYS_RESOURCE capabilities are not affected by that limitation, that's not something that can be changed.
rootcan always fork processes.If some software is not trusted, it should not run as
rootanyway.