[2454] in bugtraq
Re: fork()
daemon@ATHENA.MIT.EDU (Tom Jones)
Thu Dec 14 00:20:54 1995
Date: Tue, 12 Dec 1995 14:11:33 -0600
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Tom Jones <exile@phoenix.net>
X-To: BUGTRAQ@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: <Pine.SUN.3.91.951211114946.8548A-100000@di2> from "Scott Barman"
at Dec 11, 95 11:58:16 am
> > I'm new to the list, so I'm not sure if this has been covered, but someone
> > can crash any system with a few lines of code. (tested on UNIX, LINUX)
> >
[ code deleted ]
>
> Somehow I knew that Linux and FreeBSD will bring back all these oldies,
> but goodies! :-)
>
> This is the ultimate Unix-based denial of service attack! It's been
> around since the dawn of Unix.
>
> On most systems, no you cannot control this. Limits can be placed on
> time of execution and size of processes (as well as disk quotas).
> Placing these limits on users can do things like terminate editing
> sessions in the middle. There should be a better way, but there isn't.
All you really need to do is set the limits high enough that most users
won't be affected by them while stopping the while(1) fork(); kind of
thing. All the major OS's that I know of let you set a user process
limit. Here's a few:

  AIX:     smit chgsys, or use chdev command
  HPUX:    sam, under kernel configuration
  IRIX:    systune -i (I think, it's been a while)
  OSF1:    sysconfig (sysconfig -v -q proc to list current limit)
  SOLARIS: Guessing here, but it's probably a set entry in
           /etc/system. I don't have one sitting in front of me
           at the moment, sorry.
> The only thing that should help protect you is that only root can use
> the last possible process. While it is difficult, root can be used to
> kill all these processes off (easiest to use the process group of the
> parent: kill -pid).
It's pretty easy to write a script to kill off all the processes for a
single user. I had one that let me send an optional nasty e-mail to the
person with a command line switch :)
> However, if you run the above program as root,
> then you're up the creek because it will use all of the remaining
> processes and leave nothing for you to stop it with.
>
That's pretty much true, as far as I know process limits are ignored for
root on every machine.
Cheers :)
--Thomas Jones
exile@phoenix.net
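
Added example, not part of the original message or of any script its author mentions: a report of which users hold more processes than a chosen threshold and which process group holds most of them, which is the information an administrator needs before signalling the group of the parent as the thread describes. The function name, the threshold of 50, the output columns and the sample data are assumptions made for illustration; the input is one "USER PGID" pair per process, as printed by `ps -eo user=,pgid=`.

```shell
#!/bin/sh
# Added example. Reads "USER PGID" lines (one per process) on stdin and
# prints, for every user with more than LIMIT processes:
#   user  total_processes  busiest_pgid  processes_in_that_group  note
# Nothing is killed here; the output only tells root which group to signal.
over_limit_users() {
    limit=$1
    awk -v limit="$limit" '
        NF >= 2 {
            per_user[$1]++
            key = $1 SUBSEP $2
            per_group[key]++
            # Remember the process group holding most of this user
            # (first group to reach the highest count wins a tie).
            if (per_group[key] > best_count[$1]) {
                best_count[$1] = per_group[key]
                best_pgid[$1] = $2
            }
        }
        END {
            for (u in per_user)
                if (per_user[u] > limit) {
                    # Per the thread, a per-user limit does not restrain
                    # root, so root rows are marked separately.
                    note = (u == "root") ? "root-unlimited" : "limit-applies"
                    print u, per_user[u], best_pgid[u], best_count[u], note
                }
        }' | sort
}

# Constructed sample: bob has 60 processes in one group plus 2 elsewhere,
# alice and root have a handful each.
constructed_sample() {
    awk 'BEGIN { for (i = 0; i < 60; i++) print "bob 4242" }'
    printf 'bob 300\nbob 300\n'
    printf 'alice 100\nalice 100\nalice 101\n'
    printf 'root 1\nroot 1\n'
}

constructed_sample | over_limit_users 50
```

On a live system the input would come from `ps -eo user=,pgid= | over_limit_users 50`, with the threshold set a little below the configured per-user process limit so the report fires before the limit does.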