Why no forkbomb protection?

skymt · 2007-06-27 21:11:52

The following code will bring down a default Arch install if entered in a shell:

:() { :|:& }; :

It's called a forkbomb, and it works by spawning infinite processes, hogging all available resources and making the system unresponsive. It's also completely preventable. The ulimit command sets resource consumption limits for each user. If Arch set a reasonable default process limit (400 should be safe, I can't imagine a single user hitting it except in a forkbomb situation) in /etc/profile, it would remove a potential DoS risk with no real side effects.

colnago · 2007-06-27 21:28:58

I think ulimit is set, but maybe too high (8190?). I will check when I get home. The last time I tried to fork bomb arch, it came back. Maybe it just took a bit to hit the limit and you restarted before that? ...or maybe the config was changed and i am blowing hot air.

Cheers

Login_Here · 2007-06-27 21:36:02

The output of ulimit -u (max user processes) is 32768, which I assume is more than enough for a fork bomb to make a computer unresponsive.

somairotevoli · 2007-06-27 21:41:23

Mine is

bash-3.2$ ulimit -u
4095

I have not changed mine. hmm

Login_Here · 2007-06-27 21:51:36

I haven't changed mine either. It probably varies depending on the specifications of the computer Arch has been installed on.

lucke · 2007-06-27 21:59:58

There's been some topics about forkbombs already.

cactus · 2007-06-27 23:00:45

this has been covered before

the best option right now: set ulimits yourself.
my ulimit is unset (test box), and it is defaulting to 768.
Pretty sure it is based on memory and other system info..

Kenetixx · 2007-06-28 18:05:55

LOL just tried this on a server box at work and killed it

ataraxia · 2007-06-28 18:47:40

Kenetixx wrote:

LOL just tried this on a server box at work and killed it

Are you sure your original name here on this forum wasn't more appropriate?

Ramses de Norre · 2007-06-30 12:20:56

On my machine I have my limits set to allow maximal 1024 procs, the bash bomb ( :(){ :|:& };: ) ended after like half a minute but when I executed "perl -e "fork while fork" " I had put myself in a giant DoS, whatever I tried to execute gave me a "fork: resource temporally unavailable" and I was totally locked out while perl kept my cpu at 100% and my procs kept jumping up to 1024...
I managed to kill my screen session and that stopped it... But in a tty without screen I would have been totally locked out... I couldn't even login in another tty because setuid couldn't fork...

So the limit stuff gives full protection against bash bombs but perl still manages to achieve a DoS...

Last edited by Ramses de Norre (2007-06-30 12:21:07)

hacosta · 2007-07-01 01:51:51

well if this is a single user system the best protection in to not run it (:

Ramses de Norre · 2007-07-01 10:23:16

hacosta wrote:

well if this is a single user system the best protection in to not run it (:

I was curious whether I was protected or not

oli · 2007-07-01 18:12:13

Arch is an operating system with the able user in mind, so it's up to you.

Ramses de Norre · 2007-07-01 18:32:40

oli wrote:

Arch is an operating system with the able user in mind, so it's up to you.

Yes, but the problem with a forkbomb is the non-root user being able to crash the machine (or at least cause a DoS). I knew very good what I was doing when I executed those forkbombs but I wanted to test what the abilities of non-root users were in an Arch system and it seems like the knowledgeable dude that gets access to your machine can crash it easily...

_adam_ · 2007-07-01 21:15:01

this largely depends on the system and how much it can handle before crashing. there is no one perfect solution to forkbombs. you as the admin, need to assess the situation for your machine and make the changes accordingly in /etc/security/limits.

normc · 2007-07-02 01:19:58

When I tried it all I get is

bash: fork: Resource temporarily unavailable

It does this for a while (couple of minutes) then stops. Any thing else I'm running keeps working.

raul_nds · 2007-07-02 07:28:24

Lol. I didn't even know about this. When I wanted to do fork bombs I just wrote a program in C =\ I guess this is the kind of things that it should be up to the user. Every process is a fork of some other. I once wrote a project for college that had an insane ammount of forks, but without crashing the computer, so I guess there really isn't a good number to choose as a limit.

Ramses de Norre · 2007-07-02 09:06:32

normc wrote:

When I tried it all I get is
bash: fork: Resource temporarily unavailable
It does this for a while (couple of minutes) then stops. Any thing else I'm running keeps working.

That's what bash does here too, but perl is naughtier...

Arch Linux

#1 2007-06-27 21:11:52

Why no forkbomb protection?

#2 2007-06-27 21:28:58

Re: Why no forkbomb protection?

#3 2007-06-27 21:36:02

Re: Why no forkbomb protection?

#4 2007-06-27 21:41:23

Re: Why no forkbomb protection?

#5 2007-06-27 21:51:36

Re: Why no forkbomb protection?

#6 2007-06-27 21:59:58

Re: Why no forkbomb protection?

#7 2007-06-27 23:00:45

Re: Why no forkbomb protection?

#8 2007-06-28 18:05:55

Re: Why no forkbomb protection?

#9 2007-06-28 18:47:40

Re: Why no forkbomb protection?

#10 2007-06-30 12:20:56

Re: Why no forkbomb protection?

#11 2007-07-01 01:51:51

Re: Why no forkbomb protection?

#12 2007-07-01 10:23:16

Re: Why no forkbomb protection?

#13 2007-07-01 18:12:13

Re: Why no forkbomb protection?

#14 2007-07-01 18:32:40

Re: Why no forkbomb protection?

#15 2007-07-01 21:15:01

Re: Why no forkbomb protection?

#16 2007-07-02 01:19:58

Re: Why no forkbomb protection?

#17 2007-07-02 07:28:24

Re: Why no forkbomb protection?

#18 2007-07-02 09:06:32

Re: Why no forkbomb protection?

Board footer