Bug#300720: Bug#300725: Bug#300720: [Pkg-shadow-devel] Bug#300720: Login: Configuration does not load limits.so while others do
Olivier Sessink
Olivier Sessink <lists@olivier.pk.wau.nl>, 300720@bugs.debian.org
Sun, 08 May 2005 22:28:40 +0200
> I was not planning on pushing this into sid. While I think that Javier
> is correct, I don't see it as necessary for sarge; it can easily be
> corrected on a local basis. OTOH, if the release team says "yes,
> please do it", I wouldn't object: it *is* about safe as a change can
> be.
this makes all Sarge systems go down with a simple fork-bomb. This is
quite a serious security issue. I would even think this issue is big
enough to send a security update *after* the sarge release.
Did you read the slashdot story about system being affected by
fork-bombs? Debian Woody was not. Several other distributions were
affected, and quickly changed their policy. If Sarge will be affected by
a simple fork-bomb that is a serious regression.
regards,
Olivier