[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] Prevent Fork Bombs on Jailed Python Interpreter

From: Olivier Sessink
Subject: Re: [Jailkit-users] Prevent Fork Bombs on Jailed Python Interpreter
Date: Thu, 25 Oct 2007 22:52:04 +0200
User-agent: Icedove (X11/20071018)

Gregory Piñero wrote:
> I've set up a jailed Python interpreter.  Now I'm wondering how to
> prevent someone from running:
> while 1:
>     os.fork()
> and freezing up my system.  (A so called fork bomb.)  Do you guys have
> any advice?

the standard thing that works against fork bombs: limit the number of

But you're never going to stop somebody who can install their own
executables who wants to bring your server to a grinding halt. There are
much heavier attacks than fork bombs.

For example fork bombs that also use a lot of memory and open a lot of
file descriptors. These are much heaver for your system per process, so
a small number of processes can stop your system from functioning.

So if you expect your users to do these kind of things, you'll have to
prevent user executables: mount both /tmp and /home (in the jail) with
noexec (these should be the only places where users have write access)


reply via email to

[Prev in Thread] Current Thread [Next in Thread]