Re: Fork Bombing Attack

From: Michael Tokarev
Date: Fri May 18 2007 - 09:07:43 EST

Next message: Peter Williams: "Re: [patch] CFS scheduler, -v12"
Previous message: Satyam Sharma: "Re: Asynchronous scsi scanning"
In reply to: Anand Jahagirdar: "Re: Fork Bombing Attack"
Next in thread: Ahmed S. Darwish: "Re: Fork Bombing Attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Anand Jahagirdar wrote:
[]
> I found one more interesting thing on the same machine
> having FC6 distribution and Linux Kernel 2.6.18. i have set "ulimit -u
> 100". after setting this limit i tried to execute fork bombing program
> with guest account. after executing it
>
> expected result:- guest uesr should not able to fork another single
> process when it reaches to 100 processes count.
>
> actual result :- kernel allow me to create another processes without
> giving error. due to this i tried to execute same fork bombing program
> on another terminal with guest account and this fork bombing attack
> killed the box completely and machine needed reboot.

Do you know ulimits are a *process* property, not uid property?

That is, if, in some process of a giving user, you set ulimit value,
it does NOT affect other processes of the same user already running
at the same time, but only new processes forked off of this process
where you've set the limit. Limits are inheritable from parent to
child, but not the reverse and especially they don't "migrate" to
"brothers" or "brothers-in-law".

> will any please tell me why this is so?

It's because of the way ulimit works - on Linux and on other systems.

When you set limit of number of processes in some session, you can't
fork more processes *in this session* if total number of processes of
this user is >= the limit value you set. Other sessions are unaffected.

It's unclear what did you mean by ``i have set "ulimit -u 100"''.
Where did you set it?

Note also that when you log in (on a terminal, or over ssh, or using su
command), the limits are usually set to whatever specified for that user
in /etc/security/limits.conf - so for example, if you set a limit and
use su to change uid, your limit is reset.

/mjt
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Peter Williams: "Re: [patch] CFS scheduler, -v12"
Previous message: Satyam Sharma: "Re: Asynchronous scsi scanning"
In reply to: Anand Jahagirdar: "Re: Fork Bombing Attack"
Next in thread: Ahmed S. Darwish: "Re: Fork Bombing Attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]