Fork bomb protection not working: number of processes not limited

I just came to realize that my system is not limiting the number of processes per user properly, thus not preventing a user from running a fork bomb and crashing the entire system:

user@thebe:~$ cat /etc/security/limits.conf | grep user
user        hard    nproc   512
user@thebe:~$ ulimit -u
1024
user@thebe:~$ :(){ :|:& };:
[1] 2559
user@thebe:~$ ht-bash: fork: Cannot allocate memory
-bash: fork: Cannot allocate memory
-bash: fork: Cannot allocate memory
-bash: fork: Cannot allocate memory
-bash: fork: Cannot allocate memory
-bash: fork: Cannot allocate memory
-bash: fork: Cannot allocate memory
-bash: fork: Cannot allocate memory
...
Connection to thebe closed by remote host.

Is this a bug, or why is it ignoring the limit in limits.conf, and why is it not applying the limit that ulimit -n claims it to be?

PS: I really don't think the memory limit is hit before the process limit. This machine has 8GB of RAM and it was using only 4% of it at the time when I dropped the fork bomb.

EDIT:

I managed to reproduce this on a live CD. So I guess this must be a bug. It basically ends up killing all processes, including system critical things like X11, SSHD etc.

Any user can crash the system.


Solution 1:

Turns out that /etc/security/limits.conf does work, but needs a reboot before it gets interpreted. A log-out is not sufficient.

I recommend that everybody add a limit to the config file, like

user hard nproc 512

Replace user with any username that you would want to limit.

Or, better:

@group hard nproc 512

Replace group with any user-group that you want to limit.
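
To check whether a session is actually running under the hard nproc limit configured in a limits.conf-style file, the following is an added example and not part of the original answer. The function names, the sample entries and the "staff" group are made up for illustration, and the script assumes that the last matching line within a class wins.

```bash
#!/usr/bin/env bash
# Added example: does this session run under the hard nproc limit that a
# limits.conf-style file configures for the user?

# configured_nproc FILE USER [GROUP...]
# Prints the hard nproc value applying to USER (nothing if no entry matches).
# Precedence: user entry, then @group entry, then the "*" wildcard.
# Assumption: within one class the last matching line wins.
configured_nproc() {
    local file="$1" user="$2"
    shift 2
    awk -v user="$user" -v groups=" $* " '
        { sub(/#.*/, "") }                           # drop comments
        NF < 4 || $3 != "nproc"        { next }      # <domain> <type> <item> <value>
        $2 != "hard" && $2 != "-"      { next }      # "-" sets both soft and hard
        $1 == user                     { u = $4; next }
        substr($1, 1, 1) == "@" && index(groups, " " substr($1, 2) " ") { g = $4; next }
        $1 == "*"                      { w = $4 }
        END {
            if (user == "root") { g = ""; w = "" }   # root only honours "root" lines
            v = (u != "") ? u : ((g != "") ? g : w)
            if (v == "infinity" || v == "-1") v = "unlimited"
            if (v != "") print v
        }' "$file"
}

# compare_nproc CONFIGURED ACTUAL -> 0 if the session limit matches, else 1
compare_nproc() {
    if [ -z "$1" ]; then
        echo "no hard nproc entry applies; session limit is $2"; return 1
    elif [ "$1" = "$2" ]; then
        echo "OK: session hard nproc limit is $2"; return 0
    fi
    echo "MISMATCH: configured $1, session has $2"; return 1
}

if [ -n "${1:-}" ]; then
    # Live check, e.g.: ./check_nproc.sh /etc/security/limits.conf
    compare_nproc "$(configured_nproc "$1" "$(id -un)" $(id -Gn))" "$(ulimit -Hu)"
else
    # Constructed sample, not the page's system; "staff" is a made-up group.
    sample=$(mktemp)
    printf '%s\n' '*      hard nproc 4096' '@staff hard nproc 1024' \
                  'user   hard nproc 512' > "$sample"
    echo "sample: user -> $(configured_nproc "$sample" user staff)"
    rm -f "$sample"
fi
```

The script reads only the file it is given; pam_limits also reads /etc/security/limits.d/*.conf, so a mismatch can come from an entry in one of those files.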