Re: fork()

[jadestar () NETCOM COM (JaDe)]

> O'm new to the list, so Im not sure if this has been covered, but someone
> can crash any system with a few lines of code. (tested on UNIX, LINUX)
        <!-- # classic fork bomb elided  -->

        Actually this usually won't *crash* a Linux box.  Usually
        it will just make the system comatose-level unresponsive for
        a few minutes (until the fork bomp exceeds the user's process
        allotment and gets killed).

        I've heard that most Unix kernels can be "tuned" (compiled with
        specific options) to be much more restrictive on user space
        processes -- to prevent this.

        I haven't see that covered here un bugtraq -- though I
        expect everyone on this list as heard of it and most have
        evaluated their system's behaviour when faced with a running
        fork bomb (better the sysadmin should crash the machine
        intentionally -- right after a backup -- than that he/she should
        suddenly get broad-sided).

        Clearly this is a denial of service attack that requires shell
        access.  The general unix security philosophy is that a
        sysadmin can't prevent DOS attacks by shell users (without
        severely limiting their effective work).

        So if you have a user community that might take this sort
        of inexcusably anti-social action -- don't issue shell, telnet,
        or rlogin/rsh/rexec privileges to them.  (And don't think you
        can just remove the c compiler to limit this -- PERL and the
        shell scripting languages themselves are more than adequate to
        mount this attack).