Date: Sun, 26 Jul 1998 15:38:01 -0700 (PDT) From: Liam Slusser <liam@tiora.net> To: "Jan B. Koum " <jkb@best.com> Cc: Nicholas Charles Brawn <ncb05@uow.edu.au>, freebsd-security@FreeBSD.ORG Subject: Re: preventing fork bombs Message-ID: <Pine.BSF.3.96.980726153558.17025A-100000@orbital.tiora.net> In-Reply-To: <Pine.BSF.3.96.980726135906.5143C-100000@shell6.ba.best.com>
next in thread | previous in thread | raw e-mail | index | archive | help
i tried that on my system, orbital# 3:11PM up 45 days, 1:12, 3 users, load averages: 511.89, 384.91, 198.55 orbital# notice..511..not bad for a pentium 133 ;) though if you run it at a nice +15, it just jumps the load avg...and other users hardly notice..;) (that 511 was a nice +15) liam On Sun, 26 Jul 1998, Jan B. Koum wrote: > > n1ck .. man 5 lgoin.conf? Don't know if it will help though. > Ohh.. and stop wasting so much space for yer C code: > echo "main(){while(1){fork();}}">foo.c;gcc foo.c;rm foo.c;./a.out > Much more compact, eh? :) > > Now. Here is something interesting. I tried this on my IPC with 16MB of > RAM running OpenBSD. It didn't crash, but simply said: > > rome:usr {87} w > No more processes. > rome:usr {88} uptime > No more processes. > > The interesting part is that the user running ./a.out would get "No more > processes" - root AND other users (not the same user that run ./a.out > though) was still able to do everything just fine (but freaking slow at > first): > > rome:usr {85} id > uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), > 5(operator), 20(staff), 31(guest) > rome:etc {99} uptime > 2:16PM up 12:50, 2 users, load averages: 78.44, 63.11, 34.65 > rome:load {5} id > uid=1001(load) gid=1001(load) groups=1001(load) > rome:load {6} uptime > 2:33PM up 13:08, 3 users, load averages: 78.67, 65.73, 54.17 > rome:etc {120} ps ax | grep a.out | wc -l > 79 > > Load stays around 78 and root and others can do whatever they want. > > I could telnet to the system just fine also. I guess now I'll have to > figure out what exactly makes this possible and could FreeBSD do the same. > (didn't see anything in sysctl and there is no /etc/login.conf either). > > -- Yan > > Jan Koum jkb@best.com | "Turn up the lights; I don't want > www.FreeBSD.org -- The Power to Serve | to go home in the dark." > "Write longer sentences - they are paying us a lot of money" > > On Sun, 26 Jul 1998, Nicholas Charles Brawn wrote: > > >How can someone limit/prevent fork bomb attacks on your system. I > >recently tried one on myself after modifying kern.maxprocperuid (thinking > >that should prevent it), and got my machine up to a load of over 150 > >before I killed it. > > > >The simple code used was: > > > >#include <unistd.h> > > > >main(void) { > > while(1) { > > fork(); > > } > >} > > > >The above effectively freezing my system. :\ > > > >Anyone got any ideas? > > > >Nick > > > >-- > >Email: ncb05@uow.edu.au - http://rabble.uow.edu.au/~nick > >Key fingerprint = DE 30 33 D3 16 91 C8 8D A7 F8 70 03 B7 77 1A 2A > >"When in doubt, ask someone wiser than yourself..." -unknown > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe security" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980726153558.17025A-100000>