使用简单的 C 代码阻止用户锁定崩溃的 Linux 机器
有没有一种方法可以防止用户使用以下代码锁定 Linux 机器:
#import <stdio.h>
int main (int argc, char** argv)
{
while (1)
fork();
}
有问题的计算机位于计算机实验室中,所以我不能完全禁止编译...但是有什么方法可以确保这样进程只消耗系统资源的某一部分?任何用户都可以 ssh 进入任何系统,这一事实使这个问题变得更加重要,因此这还没有成为问题的唯一原因是大多数用户或多或少不熟悉 C 或其他低级语言。
不过,我还是想把这件事扼杀在萌芽状态……
Is there a way to prevent users from locking up a linux machine with code something along the lines of:
#import <stdio.h>
int main (int argc, char** argv)
{
while (1)
fork();
}
The computers in question are in a computer lab, so I can't exactly disallow compiling... but is there some way of ensuring such processes only consume a certain portion of the system resources? The importance of this issue is compounded by the fact that any user can ssh into any of the systems, so really the only reason this hasn't become a problem yet is most users are more or less unfamiliar with C or other low-level languages.
Still, I'd like to nip this one in the bud...
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您可以限制每个用户允许创建的并发进程总数。我认为它位于
/etc/security/limits.conf中,并且NPROC字段是您需要设置的内容。更新:刚刚在此处查找 看来我的记忆力并没有让我失望:-)
最简单的方法是输入:
这会将所有用户限制为 50 个进程。您可能想要比这更细粒度的控制。
或者,如果您的系统上没有
limits.conf,您可以使用ulimit强制实施限制。您必须确保所有启动的进程都受到限制,例如将其放入/etc/profile和所有其他可能的入口点:You can limit the total number of concurrent processes that each user is allowed to create. I think it's in
/etc/security/limits.confand theNPROCfield is what you need to set.Update: Just looked it up here and it appears my memory isn't failing me after all :-)
The simplest way is to enter:
which will limit all users to 50 processes. You may want to have a little more fine-grained control than that.
Alternatively, you can use
ulimitto enforce the limit iflimits.confis not available on your system. You will have to ensure that all started processes are restricted by, for example, putting it into/etc/profileand all other possible entry points:请参阅维基百科关于 Fork Bomb 的“预防”部分。
See Wikipedia on Fork Bomb, section "Prevention".