Date: Tue, 29 Apr 1997 14:21:58 +0200 (MET DST) From: Andrzej Bialecki <abial@korin.warman.org.pl> To: freebsd-hackers@FreeBSD.ORG Subject: Who enforces the `limits` ? (Or: The Forkin' Monster) Message-ID: <Pine.NEB.3.95.970429140901.20882A-100000@korin.warman.org.pl>
index | next in thread | raw e-mail
Hi All!
It was Friday afternoon, and I was rather bored. So I wrote the following
program:
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
int main()
{
while(1) {
fork();
}
exit(0);
}
I compiled it and run as a normal user. It effectively locked up my
machine. For all practical purposes <g> it constitutes very effective DoS
attack.
So here are my questions:
* How to defend against such a hostile process?
* How to enforce the `limits`, as shown by e.g. csh, in order to protect
system from running out of resources (e.g. kernel proc table entries)?
(BTW. I previously set limits on maxprocesses to 50. I'm running kernel
with "maxusers 10").
To put it mildly, I feel rather uncomfortable, knowing that any user can
do such harm to my system.
Sincerely yours,
---
Andrzej Bialecki FreeBSD: Turning PCs Into Workstations
<abial@warman.org.pl> http://www.freebsd.org
Research and Academic Network in Poland
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.95.970429140901.20882A-100000>