?

Log in

I wondered why I woke up so happy this morning (especially after my… - The Desian Universe
Links Home / GitHub January 2017
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
 
 
 
deskitty
deskitty
Des
Fri, Mar. 18th, 2005 08:42 am
I wondered why I woke up so happy this morning (especially after my stupid server last night). I just poked my head outside and it's raining a bit. :)

(If you haven't already (and you actually care), do the meme.)

-- Des

Current Mood: content content

2CommentReplyShare

elvendude
elvendude
The Elf
Fri, Mar. 18th, 2005 06:03 pm (UTC)

http://www.securityfocus.com/columnists/308?ref=rssdebia


ReplyThread
deskitty
deskitty
Des
Fri, Mar. 18th, 2005 07:07 pm (UTC)

Yup. Forkbombing is possible (and not that hard) on most modern Unices. But the idea of forkbombing isn't to cripple the machine by consuming its CPU/RAM; the idea is to stop it completely by filling up is process table (and keeping it full), so it can't run any new programs. (Also, you have to have shell access to the machine. You can't, for example, cause a web server to start forkbombing unless you can find, say, a buffer overflow somewhere you can use to execute arbitrary code.)

However, it's trivially easy to prevent users from fork bombing. All you have to do is set a limit on the number of processes a user can run (say, 100), and optionally, the amount of RAM they can consume. Sure, you can slow the box down (sometimes quite significantly so) by forking as many processes as possible. However, you can no longer bring it to a grinding halt; the system administrator can still get in and fix things by killing off all your processes.

Of course, you have to set the limit in the first place. If you don't (and it probably should be set by default; I believe it isn't in most linux distributions), then well, you're screwed. ;)

As for the vulnerabilities ... ::shrug:: I don't recall seeing 21 of them, and of those that I have seen, I don't remember any of them as being particularly serious.


ReplyThread Parent