Mailinglist Archive: opensuse-security (228 mails)

Re: [suse-security] Linux and forkbomb - with link
  • From: Philippe Vogel <filiaap@xxxxxxxxxx>
  • Date: Sat, 19 Mar 2005 13:00:43 +0100
  • Message-id: <423C146B.6010508@xxxxxxxxxx>

Randall R Schulz wrote:

> Jim,
>
> On Friday 18 March 2005 10:47, Jim Flanagan wrote:
>
>> ...
>>
>> Are any of the currently supported Suse versions susceptible to
>> this forkbomb attack? I'm not very sure what it is, but I'm sure
>> many of you are. I'm running suse 8.2 pro and 9.1 pro.
>>
>> http://www.securityfocus.com/columnists/308?ref=rssdebia
>
>
> From my SuSE 9.1 Pro:
>
> % ulimit -a
> core file size        (blocks, -c) 0
> data seg size         (kbytes, -d) unlimited
> file size             (blocks, -f) unlimited
> max locked memory     (kbytes, -l) unlimited
> max memory size       (kbytes, -m) unlimited
> open files                    (-n) 1024
> pipe size          (512 bytes, -p) 8
> stack size            (kbytes, -s) unlimited
> cpu time             (seconds, -t) unlimited
> max user processes            (-u) 16369
> virtual memory        (kbytes, -v) unlimited
>
>
> This suggests the vulnerability exists. Don't ask me to run the
> forkbomb script, though.
>
>
> Here's the story at my ISP:
>
> % ulimit -a
> core file size (blocks)     0
> data seg size (kbytes)      20000
> file size (blocks)          100000
> max locked memory (kbytes)  unlimited
> max memory size (kbytes)    10000
> open files                  1024
> pipe size (512 bytes)       8
> stack size (kbytes)         8192
> cpu time (seconds)          600
> max user processes          7168
> virtual memory (kbytes)     unlimited
>
> % uname -a
> Linux bolt.sonic.net 2.4.29-rc2-A-STAND #1 SMP Thu Jan 13 20:54:15 PST 2005 i686 unknown
>
>
>
> That looks better, but unless that host has s**tloads of RAM and
> some kind of CPU throttling, it might still be vulnerable.
> Definitely don't ask me to attack my own ISP. I need them!
>
>
>> Jim Flanagan
>
>
>
> Randall Schulz
>
So which values do you suggest?
Depending on whether the machine is a server or a workstation with
multiple users on it, differences have to be made in memory usage and
open files.
There is nothing said in the article about what to do and how to prevent
this. There is only a "there is some malicious script".

Regards

Philippe

--
This message is digitally signed and bears neither seal nor
signature!

Sending unsolicited advertising e-mail to private individuals violates
§1 UWG and 823 I BGB (decision of the LG Berlin of 2.8.1998, Az:
16 O 201/98). Any commercial use of the personal data transmitted,
as well as its disclosure to third parties, is expressly
prohibited!
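The reading of `ulimit -a` done by hand in the quoted reply can be scripted. The following is an added example, not part of the original messages: the function names and the `NPROC_CEILING` value of 4096 are assumptions chosen for illustration, and the sample listings are re-typed from the two quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). NPROC_CEILING is a hypothetical site
# policy value chosen for illustration, not a recommendation.
# Constructed samples: lines re-typed from the two listings quoted above.
suse91_limits() {
cat <<'EOF'
data seg size         (kbytes, -d) unlimited
max memory size       (kbytes, -m) unlimited
open files                    (-n) 1024
cpu time             (seconds, -t) unlimited
max user processes            (-u) 16369
virtual memory        (kbytes, -v) unlimited
EOF
}
isp_limits() {
cat <<'EOF'
data seg size (kbytes) 20000
max memory size (kbytes) 10000
open files 1024
cpu time (seconds) 600
max user processes 7168
virtual memory (kbytes) unlimited
EOF
}

# audit_limits CEILING: read `ulimit -a` text on stdin and print one line per
# limit that leaves process exhaustion unbounded. Handles both listing styles.
audit_limits() {
    awk -v ceiling="$1" '
    {
        value = $NF; name = $0
        sub(/ +[^ ]+ *$/, "", name)   # drop the value (last field)
        sub(/ *\(.*$/, "", name)      # drop "(units, -flag)" when present
    }
    name == "max user processes" {
        if (value == "unlimited" || value + 0 > ceiling + 0)
            print "over ceiling: " name "=" value
        next
    }
    (name == "data seg size" || name == "max memory size" ||
     name == "cpu time" || name == "virtual memory") && value == "unlimited" {
        print "unlimited: " name
    }'
}

NPROC_CEILING=${NPROC_CEILING:-4096}
echo "SuSE 9.1 listing:"; suse91_limits | audit_limits "$NPROC_CEILING"
echo "ISP listing:";      isp_limits    | audit_limits "$NPROC_CEILING"
echo "This shell:";       ulimit -a     | audit_limits "$NPROC_CEILING"
```

Run it with `NPROC_CEILING=<n>` in the environment to compare the listings against a different per-user process ceiling.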

