Has anyone ever actually been attacked by a "busy fork bomb"? Where do they come from? How do they get started? I see three scenarios:
1. Malicious software exploits some other vulnerability first, in which case rtkit or PAM limits are unlikely to do any good anyway.
2. A naive user clicks a link or opens an email with malicious code. Correct me if I'm wrong, but I'm under the impression that neither Firefox nor Thunderbird is usually run with real-time permissions?
3. A user runs malicious code they crafted themselves. It should go without saying that in this instance, real-time priority inheritance is the very least of the administrator's worries.