On 2/2/06, Carl Hartung <suselinux@cehartung.com> wrote:
On Thursday 02 February 2006 10:28, Steve Graegert wrote:
Limits like the one you asked for help to prevent fork bombs.
\Steve
Could you be a little more specific, Steve? (Just kidding!) :-)
How common are these "fork bombs" and is this type of threat one that a typical SUSE desktop user should worry about? How transportable is your solution, Steve? Can it be implemented the same way in recent SUSE releases? (i.e. 9.2, 9.3 and 10.0?)
We have to distuingish between two settings that directly affect the maximum number of processes a user can create. First of all there is the shell. Calling 'ulimit -m' in my bash returns 6143 which means bash won't prevent users from creating 6143 processes. And there is a system imposed limit (sysconf). The latter can be overridden. I just ran a fork bomb on my system and I've not been able to lock it up (it ran for about 10 minutes). The number of processes did not exceed 6077. SuSE does not set any limits by default, at least not on my 9.3 (2.6.13.x). A fork bomb is usually of no concern to admins, since they do very little harm and most modern systems, notably Tru64 Unix, Solaris and others (I suppose Linux among them) are immune to these kinds of attacks. If a fork bomb locks these system it is very likely that these are the result of bugs in a kernel subsystem, e.g. memory management. In 2005 Fedora systems were affected by such a bug and Debian, for example, has not yet shown weaknesses related to local DoS attacks. Sometimes you can read articles about someone having written a program or script that brought a system down and blamed developers for bad coding and the like. Most of the times, they are not even able to name the resource that has been exhausted. A fork bomb like this: #include <stdio.h> int main(void) { while (1) fork(); return (0); } will do not more than slowing down a system but it will not lock it. \Steve -- Steve Graegert <graegerts@gmail.com> Software Consultant {C/C++ && Java && .NET} Office: +49 9131 7123988 Mobile: +49 1520 9289212