Mailinglist Archive: opensuse-security (228 mails)

Re: [suse-security] Linux and forkbomb - with link
  • From: Randall R Schulz <rschulz@xxxxxxxxx>
  • Date: Fri, 18 Mar 2005 11:03:07 -0800
  • Message-id: <200503181103.07670.rschulz@xxxxxxxxx>
Jim,

On Friday 18 March 2005 10:47, Jim Flanagan wrote:
> ...
>
> Are any of the currently supported Suse versions susceptible to this
> forkbomb attack? I'm not very sure what it is, but I'm sure many of
> you are. I'm running suse 8.2 pro and 9.1 pro.
>
> http://www.securityfocus.com/columnists/308?ref=rssdebia

From my SuSE 9.1 Pro:

% ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
file size (blocks, -f) unlimited
max locked memory (kbytes, -l) unlimited
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
stack size (kbytes, -s) unlimited
cpu time (seconds, -t) unlimited
max user processes (-u) 16369
virtual memory (kbytes, -v) unlimited


This suggests the vulnerability exists. Don't ask me to run the forkbomb
script, though.


Here's the story at my ISP:

% ulimit -a
core file size (blocks) 0
data seg size (kbytes) 20000
file size (blocks) 100000
max locked memory (kbytes) unlimited
max memory size (kbytes) 10000
open files 1024
pipe size (512 bytes) 8
stack size (kbytes) 8192
cpu time (seconds) 600
max user processes 7168
virtual memory (kbytes) unlimited

% uname -a
Linux bolt.sonic.net 2.4.29-rc2-A-STAND #1 SMP Thu Jan 13 20:54:15 PST 2005 i686 unknown



That looks better, but unless that host has s**tloads of RAM and some
kind of CPU throttling, it might still be vulnerable. Definitely don't
ask me to attack my own ISP. I need them!


> Jim Flanagan


Randall Schulz
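
An added example, not part of the original message: a small shell audit that extracts the `max user processes` value from `ulimit -a` output in both layouts quoted above and compares it with an administrator-chosen ceiling. The function names and the ceiling of 1024 are assumptions for illustration; the sample lines are copied from the two listings in the message.

```shell
#!/bin/sh
# Added example: audit the per-user process limit reported by `ulimit -a`.

# Print the "max user processes" value from `ulimit -a` text on stdin.
# Handles both layouts in the message: with and without the "(-u)" column.
# Exits non-zero when the line is absent.
nproc_limit() {
    awk '/^max user processes/ { print $NF; found = 1; exit }
         END { if (!found) exit 1 }'
}

# Classify a limit against a ceiling. Assumption: the ceiling is whatever
# the admin judges one user may consume on this host, not a standard value.
classify_nproc() {
    limit=$1
    ceiling=$2
    case $limit in
        unlimited)   echo "UNBOUNDED" ;;
        ''|*[!0-9]*) echo "UNKNOWN" ;;
        *)  if [ "$limit" -gt "$ceiling" ]; then
                echo "ABOVE_CEILING"
            else
                echo "WITHIN_CEILING"
            fi ;;
    esac
}

# usage: audit CEILING < ulimit-output
audit() {
    value=$(nproc_limit) || { echo "UNKNOWN"; return 0; }
    classify_nproc "$value" "$1"
}

# Sample lines taken from the two listings in the message.
SUSE_SAMPLE='open files (-n) 1024
max user processes (-u) 16369
virtual memory (kbytes, -v) unlimited'
ISP_SAMPLE='open files 1024
max user processes 7168
virtual memory (kbytes) unlimited'

CEILING=1024   # hypothetical ceiling, for illustration only
printf 'SuSE 9.1 Pro: %s\n' "$(printf '%s\n' "$SUSE_SAMPLE" | audit "$CEILING")"
printf 'ISP host:     %s\n' "$(printf '%s\n' "$ISP_SAMPLE" | audit "$CEILING")"
```

To check a live bash session, pipe `ulimit -a` into `audit` with a ceiling suited to the host. The limit itself is lowered per session with `ulimit -u` or persistently through the `nproc` item in /etc/security/limits.conf.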
