Bugtraq mailing list archives
Re: fork()
From: exile () phoenix net (Tom Jones)
Date: Tue, 12 Dec 1995 14:11:33 -0600
O'm new to the list, so Im not sure if this has been covered, but someone can crash any system with a few lines of code. (tested on UNIX, LINUX)
[ code deleted ]
Somehow I knew that Linux and FreeBSD will bring back all these oldies, but goodies! :-) This is the ultimate Unix-based denial of service attack! It's been around since the dawn of Unix. On most systems, no you cannot control this. Limits can be placed on time of execution and size of processes (as well as disk quotas). Placing these limits on users can do things like terminate editing sessions in the middle. There should be a better way, but there isn't.
All you really need to do is set the limits high enough that most users won't be affected by them while stopping the while(1) fork(); kind of thing. All the major OS's that I know of let you set a user process limit. Here's a few: AIX: smit chgsys, or use chdev command HPUX: sam, under kernel configuration IRIX: systune -i (I think, it's been a while) OSF1: sysconfig (sysconfig -v -q proc to list current limit) SOLARIS: Guessing here, but it's probably a set entry in /etc/system. I don't have one sitting in front of me at the moment, sorry.
The only thing that should help protect you is that only root can use the last possible process. While it is difficult, root can be used to kill all these process off (easiest to use the process group of the parent: kill -pid).
It's pretty easy to write a script to kill off all the processes for a single user. I had one that let me send an optional nasty e-mail to the person with a command line switch :)
However, if you run the above program as root, then you're up the creek because it will use all of the remaining processes and leave nothing for you to stop it with.
That's pretty much true, as far as I know process limits are ignored for root on every machine. Cheers:) --Thomas Jones exile () phoenix net
Current thread:
- Cracked: WINDOWS.PWL Michael S. Fischer (Dec 05)
- Another tmpfs bug in SunOS 4 Arfst Ludwig (Dec 02)
- Re: Another tmpfs bug in SunOS 4 Pete Shipley (Dec 07)
- little whole on Suns concerning /dev/kbd Arfst Ludwig (Dec 02)
- Re: little whole on Suns concerning /dev/kbd Pete Shipley (Dec 07)
- Re: Cracked: WINDOWS.PWL [most services accessed by any version Rich Graves (Dec 05)
- fork() Alex Leipold (Dec 10)
- Re: fork() Scott Barman (Dec 11)
- Re: fork() Tom Jones (Dec 12)
- SECURITY: Announcing Splitvt 1.6.3 Sam Lantinga (Dec 13)
- Re: SECURITY: Announcing Splitvt 1.6.3 Alex Leipold (Dec 14)
- Re: fork() Scott Barman (Dec 11)
- Re: fork() JaDe (Dec 11)
- Re: fork() Nathan Lawson (Dec 11)
- Another tmpfs bug in SunOS 4 Arfst Ludwig (Dec 02)