Fork-bombing Linux – a Lesson in Poor Defaults

My good friend Alec Muffett has blogged an article from SecurityFocus about the vulnerability of default Linux system installs to, what he neatly call, "The triumphant return of: main(){while(1)fork();}".

It’s sad to see that many Linux distros (Debian being the notable exception) still ship with bad defaults that don’t prevent a non-privileged user fork-bombing a box. Certainly something that needs to be addressed as it’s all part of the “defence in depth” that any system needs.