Re: fork()

[exile () phoenix net (Tom Jones)]

> > O'm new to the list, so Im not sure if this has been covered, but someone
> > can crash any system with a few lines of code. (tested on UNIX, LINUX)
[ code deleted ]
> Somehow I knew that Linux and FreeBSD will bring back all these oldies,
> but goodies!  :-)
>
> This is the ultimate Unix-based denial of service attack!  It's been
> around since the dawn of Unix.
>
> On most systems, no you cannot control this.  Limits can be placed on
> time of execution and size of processes (as well as disk quotas).
> Placing these limits on users can do things like terminate editing
> sessions in the middle.  There should be a better way, but there isn't.

All you really need to do is set the limits high enough that most users
won't be affected by them while stopping the while(1) fork(); kind of
thing.  All the major OS's that I know of let you set a user process
limit.  Here's a few:

AIX:    smit chgsys, or use chdev command
HPUX:   sam, under kernel configuration
IRIX:   systune -i (I think, it's been a while)
OSF1:   sysconfig (sysconfig -v -q proc to list current limit)
SOLARIS:        Guessing here, but it's probably a set entry in
                /etc/system.  I don't have one sitting in front of me
                at the moment, sorry.

> The only thing that should help protect you is that only root can use
> the last possible process.  While it is difficult, root can be used to
> kill all these process off (easiest to use the process group of the
> parent: kill -pid).

It's pretty easy to write a script to kill off all the processes for a
single user.  I had one that let me send an optional nasty e-mail to the
person with a command line switch :)

> However, if you run the above program as root,
> then you're up the creek because it will use all of the remaining
> processes and leave nothing for you to stop it with.

That's pretty much true, as far as I know process limits are ignored for
root on every machine.

Cheers:)

--Thomas Jones
exile () phoenix net