On 2/2/06, Carl Hartung
On Thursday 02 February 2006 10:28, Steve Graegert wrote:
Limits like the one you asked for help to prevent fork bombs.
\Steve
Could you be a little more specific, Steve? (Just kidding!) :-)
How common are these "fork bombs" and is this type of threat one that a typical SUSE desktop user should worry about? How transportable is your solution, Steve? Can it be implemented the same way in recent SUSE releases? (i.e. 9.2, 9.3 and 10.0?)
We have to distinguish between two settings that directly affect the
maximum number of processes a user can create. First of all there is
the shell. Calling 'ulimit -m' in my bash returns 6143 which means
bash won't prevent users from creating 6143 processes. And there is a
system imposed limit (sysconf). The latter can be overridden.
I just ran a fork bomb on my system and I've not been able to lock it
up (it ran for about 10 minutes). The number of processes did not
exceed 6077.
SuSE does not set any limits by default, at least not on my 9.3 (2.6.13.x).
Fork bombs are usually of no concern to admins, since they do very
little harm and most modern systems, notably Tru64 Unix, Solaris and
others (I suppose Linux among them) are immune to these kinds of
attacks. If a fork bomb locks these systems it is very likely that
these are the result of bugs in a kernel subsystem, e.g. memory
management. In 2005 Fedora systems were affected by such a bug and
Debian, for example, has not yet shown weaknesses related to local DoS
attacks.
Sometimes you can read articles about someone having written a program
or script that brought a system down and blamed developers for bad
coding and the like. Most of the time, they are not even able to
name the resource that has been exhausted.
A fork bomb like this:
#include
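
The two limits discussed in the message above, read and tightened from C, as an added example that is not part of the original thread. It uses RLIMIT_NPROC, the per-user process limit that bash reports with `ulimit -u`; the function names and the value 256 are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE          /* RLIMIT_NPROC is a Linux/BSD extension */
#include <stdio.h>
#include <sys/resource.h>
#include <unistd.h>

/* Read the soft and hard per-user process limits of the calling process.
 * Returns 0 on success, -1 on error. */
int nproc_limit(rlim_t *soft, rlim_t *hard)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NPROC, &rl) != 0)
        return -1;
    *soft = rl.rlim_cur;
    *hard = rl.rlim_max;
    return 0;
}

/* Lower the soft limit to `want` (hypothetical helper). It never raises the
 * current soft limit and never touches the hard limit, so it works without
 * privileges. The new limit is inherited by every child of this process.
 * Returns 0 and stores the limit now in effect, or -1 on error. */
int cap_nproc_soft(rlim_t want, rlim_t *effective)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NPROC, &rl) != 0)
        return -1;
    if (rl.rlim_max != RLIM_INFINITY && want > rl.rlim_max)
        want = rl.rlim_max;      /* soft may not exceed hard */
    if (rl.rlim_cur != RLIM_INFINITY && want > rl.rlim_cur)
        want = rl.rlim_cur;      /* only tighten, never loosen */
    rl.rlim_cur = want;
    if (setrlimit(RLIMIT_NPROC, &rl) != 0)
        return -1;
    *effective = want;
    return 0;
}

int main(void)
{
    rlim_t soft, hard, eff;
    if (nproc_limit(&soft, &hard) != 0)
        return 1;
    printf("RLIMIT_NPROC soft=%llu hard=%llu (RLIM_INFINITY=%llu)\n",
           (unsigned long long)soft, (unsigned long long)hard,
           (unsigned long long)RLIM_INFINITY);
    /* System-reported limit; -1 means indeterminate or unlimited. */
    printf("sysconf(_SC_CHILD_MAX)=%ld\n", sysconf(_SC_CHILD_MAX));
    if (cap_nproc_soft(256, &eff) != 0)   /* 256 is a constructed value */
        return 1;
    printf("soft limit now %llu\n", (unsigned long long)eff);
    return 0;
}
```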