From owner-freebsd-security  Sun Jul 26 14:38:39 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id OAA12580
          for freebsd-security-outgoing; Sun, 26 Jul 1998 14:38:39 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from shell6.ba.best.com (jkb@shell6.ba.best.com [206.184.139.137])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA12565
          for <freebsd-security@freebsd.org>; Sun, 26 Jul 1998 14:38:30 -0700 (PDT)
          (envelope-from jkb@best.com)
Received: from localhost (jkb@localhost)
	by shell6.ba.best.com (8.9.0/8.9.0/best.sh) with SMTP id OAA09894;
	Sun, 26 Jul 1998 14:37:59 -0700 (PDT)
X-Authentication-Warning: shell6.ba.best.com: jkb owned process doing -bs
Date: Sun, 26 Jul 1998 14:37:59 -0700 (PDT)
From: "Jan B. Koum " <jkb@best.com>
X-Sender: jkb@shell6.ba.best.com
To: Nicholas Charles Brawn <ncb05@uow.edu.au>
cc: freebsd-security@FreeBSD.ORG
Subject: Re: preventing fork bombs
In-Reply-To: <Pine.SOL.3.96.980726201812.20876A-100000@banshee.cs.uow.edu.au>
Message-ID: <Pine.BSF.3.96.980726135906.5143C-100000@shell6.ba.best.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


	n1ck .. man 5 lgoin.conf? Don't know if it will help though.
	Ohh.. and stop wasting so much space for yer C code:
echo "main(){while(1){fork();}}">foo.c;gcc foo.c;rm foo.c;./a.out
	Much more compact, eh? :)

Now. Here is something interesting. I tried this on my IPC with 16MB of
RAM running OpenBSD. It didn't crash, but simply said:

rome:usr {87} w
No more processes.
rome:usr {88} uptime
No more processes.

The interesting part is that the user running ./a.out would get "No more 
processes" - root AND other users (not the same user that run ./a.out
though) was still able to do everything just fine (but freaking slow at
first):

rome:usr {85} id
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty),
5(operator), 20(staff), 31(guest)
rome:etc {99} uptime
 2:16PM  up 12:50, 2 users, load averages: 78.44, 63.11, 34.65
rome:load {5} id
uid=1001(load) gid=1001(load) groups=1001(load)
rome:load {6} uptime
 2:33PM  up 13:08, 3 users, load averages: 78.67, 65.73, 54.17
rome:etc {120} ps ax | grep a.out | wc -l
      79 

Load stays around 78 and root and others can do whatever they want.

I could telnet to the system just fine also. I guess now I'll have to
figure out what exactly makes this possible and could FreeBSD do the same.
(didn't see anything in sysctl and there is no /etc/login.conf either).

-- Yan

Jan Koum                  jkb@best.com |  "Turn up the lights; I don't want
www.FreeBSD.org --  The Power to Serve |   to go home in the dark."
"Write longer sentences - they are paying us a lot of money"

On Sun, 26 Jul 1998, Nicholas Charles Brawn wrote:

>How can someone limit/prevent fork bomb attacks on your system. I
>recently tried one on myself after modifying kern.maxprocperuid (thinking
>that should prevent it), and got my machine up to a load of over 150
>before I killed it.
>
>The simple code used was:
>
>#include <unistd.h>
>
>main(void) {
>	while(1) {
>		fork();
>	}
>}
>
>The above effectively freezing my system. :\
>
>Anyone got any ideas?
>
>Nick
>
>--
>Email: ncb05@uow.edu.au - http://rabble.uow.edu.au/~nick 
>Key fingerprint =  DE 30 33 D3 16 91 C8 8D  A7 F8 70 03 B7 77 1A 2A
>"When in doubt, ask someone wiser than yourself..." -unknown
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe security" in the body of the message
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message