Re: forkbombing Linux distributions

From: Natanael Copa (mlists_at_tanael.org)
Date: 03/23/05

  • Next message: Jeff Garzik: "Re: [2.6 patch] drivers/net/eql.c: kill dead code" 
    To: Kyle Moffett <kmoffett@tjhsst.edu>
Date:	Wed, 23 Mar 2005 21:26:53 +0100

    On Wed, 2005-03-23 at 14:38 -0500, Kyle Moffett wrote:
    > On Mar 23, 2005, at 09:43, Jan Engelhardt wrote:
    > >> brings down almost all linux distro's while other *nixes survives.
    > >
    > > Let's see if this can be confirmed.
    >
    > Here at my school we have the workstations running Debian testing. We
    > have edited /etc/security/limits.conf to have a much more restrictive
    > startup environment for user processes, limiting to 100 processes per
    > user and clamping maximum CPU time to 4 hours per process.

    Thats great. I was was thinking of the default settings. (its even
    possible to lock down a windows machine to be "secure")

    Also the daemons started from bootscripts that is not aware of PAM is
    not affected by those settings. So an exploited security flaw in a
    service would allow an attacker to bring the system down even if the
    service is running as non-root.

    Try running this from a boot script and you'll see that even if this
    process is setuid, it will be able to fork more than 100 processes per
    user:

    /* this program should be started as root but it changes uid */

    #define TTL 300
    #define MAX 65536
    #define UID 65534

    int pids[MAX];
    int main(int argc, char *argv[]) {
            int count = 0; pid_t pid;
            if (setuid(UID) < 0) {
                    perror("setuid");
                    exit(1);
            }
            while ((pid = fork()) >= 0 && count < MAX) {
                    if (pid == 0) sleep(TTL);
                    pids[count++] = pid;
            }
            printf("Forked %i new processes\n", count);
            while (count--) kill(pids[count], SIGTERM);
            return 0;
    }

    > In any case, I think
    > that while there could perhaps be a better interface for user-limits
    > in the kernel, the existing one works fine for most purposes, when
    > combined with appropriate administrative tools.

    My point is, the default max allowed processes per user is too high. It
    better to open up a restrictive default than locking down an generous
    default. 

    --
Natanael Copa
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
  • Next message: Jeff Garzik: "Re: [2.6 patch] drivers/net/eql.c: kill dead code"

    Relevant Pages

    • Re: [PATCH] PXA255 LCD Driver
      ... The patch is littered with FIXME, TODO and debugging cruft ... I couldn't find suitable places for a few settings. ... Ian Campbell, Senior Design Engineer ... send the line "unsubscribe linux-kernel" in ...
      (Linux-Kernel)
    • Re: deadlocks caused by ext3/reiser dirty_inode calls during do_mmap_pgoff
      ... The patch tries to fix both reiserfs and generic_file_write. ... int status; ... * returns zero on success, ... send the line "unsubscribe linux-kernel" in ...
      (Linux-Kernel)
    • Re: [PATCH] i386/x86_64 fpu: fix x87 tag word simulation using fxsave
      ... unsigned long tag; ... unsigned long ret = 0xffff0000u; ... send the line "unsubscribe linux-kernel" in ...
      (Linux-Kernel)
    • Re: Time sliced CFQ io scheduler
      ... ext2 is not so bad and xfs behaves best, ie my email client ... > These are the first I tried, there may be better settings. ... > device the dm/raid is composed of. ... send the line "unsubscribe linux-kernel" in ...
      (Linux-Kernel)
    • Re: [PATCH] Restartable poll(2)
      ... Does nobody think a system call is interrupted by SIGSTOP is ... int retval; ... > This patch makes pollrestartable. ... send the line "unsubscribe linux-kernel" in ...
      (Linux-Kernel)