lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 18 May 2007 16:43:50 +0530
From:	"Anand Jahagirdar" <anandjigar@...il.com>
To:	"Valdis.Kletnieks@...edu" <Valdis.Kletnieks@...edu>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: Fork Bombing Attack

Hello All
           I tried to execute a program which creates 8152 process.(
i=0; while( i<14) i++ fork(); )  with ulimit 8200. This program
created 8152 processes and then stopped and came back to command
prompt. this proves that my machine do have sufficient resources to
create 8000 processes.

           I found one more interesting thing on the same machine
having FC6 distribution and Linux Kernel 2.6.18. i have set "ulimit -u
100". after setting this limit i tried to execute fork bombing program
with guest account. after executing it

expected result:-  guest uesr should not able to fork another single
process when it reaches to 100 processes count.

actual result :-  kernel allow me to create another processes without
giving error. due to this i tried to execute same fork bombing program
on another terminal with guest account and this fork bombing attack
killed the box completely and machine needed reboot.

will any please tell me why this is so?

Regards
Anand

On 5/17/07, Valdis.Kletnieks@...edu <Valdis.Kletnieks@...edu> wrote:
> On Thu, 17 May 2007 20:15:32 +0530, Anand Jahagirdar said:
> > Hello All
> >               I have set per user process limit ( ulimit) for both
> > root and guest account as 8000 by using option ulimit -u 8000.this is
> > Hard limit.  still fork bombing attack killed the box and machine
> > needed reboot. will any body please tell me why this is so? i have
> > tried all this attack on machine with FC6 and Linux kernel 2.6.18.
>
> Convince me that your machine in fact has sufficient resources to spawn 8000
> processes.
>
> Then retry it with "ulimit -u 100", and then do a binary search from 100 to 8000
> to find out what value it stops working at.
>
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists