Re: [suse-security] Linux and forkbomb - with link
  • From: Sven 'Darkman' Michels <sven@xxxxxxxxxx>
  • Date: Mon, 21 Mar 2005 13:54:46 +0100
  • Message-id: <423EC416.7050509@xxxxxxxxxx>
Randall R Schulz wrote:
| I find it hard to believe an interactive user would need much more than
| 100 processes. Logged in to a KDE session with the usual panoply of
| gadgets running, I'm using only 43 processes. Perhaps some users with
| special needs might, but they can be granted more.

Well, maybe I'm not a normal user, but I don't use KDE at all at the
moment on my desktop and have around 125 processes running. And I'm
not doing any multimedia stuff at all atm. So it's not that easy to
say 'no one will need more than around 100 processes'. The next problem
is, even with only a few you can crash a box. Fine-tuning the limits
is hard if you want to do some 'general rules', some apps may need more
than x meg of RAM, so they won't work anymore. If you allow users to
start maybe 100 processes with 16 meg RAM each you'll need up to 1,6gb
of RAM for just one user to prevent him from bombing your box. If he
eats up all your mem, your kernel will normally start to kill processes.
With the newer OOM Killer this may work better than it did in the last
years because the OOM Killer just started to kill stuff, if you had a
bad day, he would start with things like sshd...

| The malicious script is utterly trivial. Robustly solving the problem
| without interfering with legitimate patterns of use is probably much
| harder.

The only bomb I can actually remember is this one:
(:(){ :|:;};:)
(kids, don't try this at home ;-)
It looks so easy and kills so much ;-)

| However, on my SuSE 9.1 system, unmodified w.r.t. the pertinent
| limits, I've three times had the system rendered useless and was forced
| to press the hardware reset button (!) by a runaway process that
| consumed so much memory that nothing else could happen.

Well yeah, but the problem still exists: where to set the limit to?
Not every user will be able to set such limits, so you have to set
them in a clever way. Take OpenOffice as a start, it needs much more
CPU and RAM than many many other apps. If you allow enough of mem/CPU
to run OpenOffice, then you're maybe back to the original problem:
your limits won't work for such a bomb. As said in other posts, if
someone will bring your box down, he can do it (as long as he's a
local user).
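
The arithmetic in the message above (a process limit times a per-process memory limit bounds what one user can claim), as an added example that is not part of the original post: a Python audit over a constructed sample in limits.conf syntax. The sample entries, the function names and the simplified fallback to the `*` entry are assumptions; `as` is an address-space cap in KiB, so the product is an upper bound rather than resident memory.

```python
# Constructed sample in /etc/security/limits.conf syntax (not from the thread).
SAMPLE_LIMITS = """\
*        hard  nproc  100
*        hard  as     16384    # KiB per process, i.e. 16 MiB
@office  hard  nproc  150
@office  hard  as     524288   # room for a large office suite
builder  hard  nproc  unlimited
"""

UNLIMITED = {"unlimited", "infinity", "-1"}

def parse_limits(text):
    """Return {domain: {item: KiB-or-count}}; None means unlimited."""
    limits = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) != 4:
            continue
        domain, ltype, item, value = fields
        # Only hard limits bind the user; "-" sets soft and hard together.
        if ltype in ("hard", "-") and item in ("nproc", "as"):
            limits.setdefault(domain, {})[item] = (
                None if value in UNLIMITED else int(value))
    return limits

def worst_case_kib(limits, domain):
    """nproc * as for a domain; None if either is unlimited or unset."""
    # Assumption: a missing item falls back to the "*" entry.
    merged = {**limits.get("*", {}), **limits.get(domain, {})}
    nproc, as_kib = merged.get("nproc"), merged.get("as")
    if nproc is None or as_kib is None:
        return None
    return nproc * as_kib

def audit(text, ram_kib):
    """Map each domain to (worst-case KiB, verdict) against physical RAM."""
    limits = parse_limits(text)
    report = {}
    for domain in limits:
        worst = worst_case_kib(limits, domain)
        verdict = ("unbounded" if worst is None
                   else "exceeds RAM" if worst > ram_kib else "fits")
        report[domain] = (worst, verdict)
    return report

if __name__ == "__main__":
    for name, result in audit(SAMPLE_LIMITS, ram_kib=1024 * 1024).items():
        print(name, *result)
```

With the default entry, 100 processes at 16 MiB each exceed a 1 GiB machine, and the `@office` entry sized for a large application is far beyond it, which is the trade-off the message describes.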

