lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <473F281B.60408@minimum.se>
Date:	Sat, 17 Nov 2007 09:42:51 -0800
From:	Martin Olsson <mnemo@...imum.se>
To:	Peter Zijlstra <peterz@...radead.org>
CC:	Dane Mutters <dmutters@...il.com>,
	Alan Cox <alan@...rguk.ukuu.org.uk>,
	linux-kernel@...r.kernel.org
Subject: Re: Is it possible to give the user the option to cancel forkbombs?

(taking this reply offline, so this is mostly intended for Alan)

Peter Zijlstra wrote:
> 
> If you don't know which limits to set and need a package for them, your
> job title should not be system administrator.
> 

In theory I agree with you Peter but in practice a lot of low-skill 
people have to install and administer servers. I think the pragmatic and 
realistic approach would be to accept that many admins are not perfect, 
far from it.

Also, this bug involves many aspects and it's possible to argue what 
exactly is the bug. Even if we don't change any default values, we can 
still change the kernel so that it survives a fork bomb. After all, the 
Vista kernel does survive a fork bomb although the system as a whole 
gets unusable.

### On Ubuntu I currently see:
1. Launch fork bomb
2. System gets to a complete freeze (I can't move mouse and not a single 
pixel is updated on the screen).

### On Vista I currently see:
1. Launch fork bomb
2. System gets very slow to the point where the system is unusable (but 
I can always mouse around the mouse freely with no sluggishness and the 
screen updates continue to make progress even though it takes 1-3 
seconds between each update). I can still open and close the start menu 
if I got the patience to wait >45 seconds for it each time.

I don't think that setting a max process count by default is a 
good/viable solution. But the kernel could still be changed so that it 
doesn't hose itself completely.



		Martin
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ