Date: Sun, 26 Jul 1998 14:37:59 -0700 (PDT)
From: "Jan B. Koum"
To: Nicholas Charles Brawn
cc: freebsd-security@FreeBSD.ORG
Subject: Re: preventing fork bombs

n1ck .. man 5 login.conf? Don't know if it will help though.

Ohh.. and stop wasting so much space for yer C code:

    echo "main(){while(1){fork();}}">foo.c;gcc foo.c;rm foo.c;./a.out

Much more compact, eh? :)

Now. Here is something interesting. I tried this on my IPC with 16MB of RAM running OpenBSD. It didn't crash, but simply said:

    rome:usr {87} w
    No more processes.
    rome:usr {88} uptime
    No more processes.

The interesting part is that the user running ./a.out would get "No more processes" - root AND other users (not the same user that ran ./a.out though) were still able to do everything just fine (but freaking slow at first):

    rome:usr {85} id
    uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)
    rome:etc {99} uptime
    2:16PM up 12:50, 2 users, load averages: 78.44, 63.11, 34.65
    rome:load {5} id
    uid=1001(load) gid=1001(load) groups=1001(load)
    rome:load {6} uptime
    2:33PM up 13:08, 3 users, load averages: 78.67, 65.73, 54.17
    rome:etc {120} ps ax | grep a.out | wc -l
    79

Load stays around 78 and root and others can do whatever they want. I could telnet to the system just fine also. I guess now I'll have to figure out what exactly makes this possible and could FreeBSD do the same. (didn't see anything in sysctl and there is no /etc/login.conf either).

-- Yan

Jan Koum jkb@best.com | "Turn up the lights; I don't want
www.FreeBSD.org -- The Power to Serve | to go home in the dark."

"Write longer sentences - they are paying us a lot of money"

On Sun, 26 Jul 1998, Nicholas Charles Brawn wrote:

>How can someone limit/prevent fork bomb attacks on your system. I
>recently tried one on myself after modifying kern.maxprocperuid (thinking
>that should prevent it), and got my machine up to a load of over 150
>before I killed it.
>
>The simple code used was:
>
>#include
>
>main(void) {
>    while(1) {
>        fork();
>    }
>}
>
>The above effectively freezing my system. :\
>
>Anyone got any ideas?
>
>Nick
>
>--
>Email: ncb05@uow.edu.au - http://rabble.uow.edu.au/~nick
>Key fingerprint = DE 30 33 D3 16 91 C8 8D A7 F8 70 03 B7 77 1A 2A
>"When in doubt, ask someone wiser than yourself..." -unknown
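
A per-user process limit is one mechanism that gives the behaviour described in the message above: fork() starts failing for the user who is over the cap while other accounts carry on. The following is an added example, not code from the thread or from any BSD project, showing that mechanism with setrlimit(RLIMIT_NPROC). The function name forks_allowed_under_limit is hypothetical, and a Linux or BSD system is assumed.

```c
/* Added example: a per-user process cap (RLIMIT_NPROC) makes fork() fail. */
#include <errno.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* In a throwaway child, cap RLIMIT_NPROC at `limit` and call fork()
 * `attempts` times. Returns the number of forks that succeeded, or -1 on
 * a setup error. The name is hypothetical, chosen for this example. */
int forks_allowed_under_limit(rlim_t limit, int attempts)
{
    if (attempts < 0 || attempts > 100)
        return -1;                   /* count must fit in an exit status */

    pid_t sandbox = fork();          /* keep the cap out of the caller */
    if (sandbox < 0)
        return -1;
    if (sandbox == 0) {
        struct rlimit rl = { limit, limit };   /* soft and hard limit */
        if (setrlimit(RLIMIT_NPROC, &rl) != 0)
            _exit(255);
        int ok = 0;
        for (int i = 0; i < attempts; i++) {
            pid_t p = fork();
            if (p == 0)
                _exit(0);            /* grandchild does nothing */
            if (p > 0) {
                ok++;
                waitpid(p, NULL, 0); /* reap before the next attempt */
            } else if (errno != EAGAIN) {
                _exit(255);          /* unexpected failure */
            }                        /* EAGAIN: the cap refused the fork */
        }
        _exit(ok);
    }

    int status;
    if (waitpid(sandbox, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 255 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    int n = forks_allowed_under_limit(1, 5);
    printf("forks that succeeded with RLIMIT_NPROC=1: %d of 5\n", n);
    return n < 0;
}
```

Run as an ordinary user, this reports 0 of 5 because the user already owns at least one process; a privileged process is exempt from the cap and reports 5 of 5.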