Jim, On Friday 18 March 2005 10:47, Jim Flanagan wrote:
...
Are any of the currently supported Suse versions suseptable to this forkbomb attack? I'm not very sure what it is, but I'm sure many of you are. I'm running suse 8.2 pro and 9.1 pro.
From my SuSE 9.1 Pro: % ulimit -a core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited file size (blocks, -f) unlimited max locked memory (kbytes, -l) unlimited max memory size (kbytes, -m) unlimited open files (-n) 1024 pipe size (512 bytes, -p) 8 stack size (kbytes, -s) unlimited cpu time (seconds, -t) unlimited max user processes (-u) 16369 virtual memory (kbytes, -v) unlimited This suggests the vulnerability exists. Don't ask me to run the forkbomb script, though. Here's the story at my ISP: % ulimit -a core file size (blocks) 0 data seg size (kbytes) 20000 file size (blocks) 100000 max locked memory (kbytes) unlimited max memory size (kbytes) 10000 open files 1024 pipe size (512 bytes) 8 stack size (kbytes) 8192 cpu time (seconds) 600 max user processes 7168 virtual memory (kbytes) unlimited % uname -a Linux bolt.sonic.net 2.4.29-rc2-A-STAND #1 SMP Thu Jan 13 20:54:15 PST 2005 i686 unknown That looks better, but unless that host has s**tloads of RAM and some kind of CPU throttling, it might still be vulnerable. Definitely don't ask me to attack my own ISP. I need them!
Jim Flanagan
Randall Schulz