lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 18 May 2007 22:52:15 +0530
From:	"Anand Jahagirdar" <anandjigar@...il.com>
To:	"Ahmed S. Darwish" <darwish.07@...il.com>
Cc:	"Valdis.Kletnieks@...edu" <Valdis.Kletnieks@...edu>,
	linux-kernel@...r.kernel.org, "Coywolf Qi Hunt" <coywolf@...dg.org>
Subject: Re: Fork Bombing Attack

Hello All
           I found one more interesting thing related with fork
bombing attack. i have set following in /etc/security/limits.conf file

     #@...t    hard  nproc  3000
     #@...nd hard  nproc  500


I have tried to execute fork bombing program on the same machine. it
killed the box completely and machine needed a reboot. will any body
please tell me why this is so? even after setting limits in
/etc/security/limits.conf file.

about ulimit:
ulimit are by default  set to some value for all users.. root, guest.
on my machine with FC4 distribution when i typed command "ulimit -u"
it gave me output as 3055 and another machine having FC6 distribution
output is 8050. when root or any other user changes ulimit by typing
"ulimit -u value",.ulimit value is changed for that session and not
permantely. actually ulimit should help to prevent fork bombing attack
but it wont and fork bombing attack still take down the machine having
latest linux distributions.

will any please tell me why this is so?

Regards
Anand

On 5/18/07, Ahmed S. Darwish <darwish.07@...il.com> wrote:
> On 5/18/07, Anand Jahagirdar <anandjigar@...il.com> wrote:
> > Hello All
> >            I tried to execute a program which creates 8152 process.(
> > i=0; while( i<14) i++ fork(); )  with ulimit 8200. This program
> > created 8152 processes and then stopped and came back to command
> > prompt. this proves that my machine do have sufficient resources to
> > create 8000 processes.
> >
> >            I found one more interesting thing on the same machine
> > having FC6 distribution and Linux Kernel 2.6.18. i have set "ulimit -u
> > 100". after setting this limit i tried to execute fork bombing program
> > with guest account. after executing it
> >
> > expected result:-  guest uesr should not able to fork another single
> > process when it reaches to 100 processes count.
> >
> > actual result :-  kernel allow me to create another processes without
> > giving error. due to this i tried to execute same fork bombing program
> > on another terminal with guest account and this fork bombing attack
> > killed the box completely and machine needed reboot.
> >
>
> I think if you want resource limiting per _UID_ (and not per _process_
> as you did), you should use PAM module pam_limits.so. You can edit
> those limits using the file /etc/security/limits.conf
>
> Regards,
> --
> Ahmed S. Darwish
> http://darwish-07.blogspot.com
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ