2002-03-22 15:20:16

by Little, John

Subject: fork() DoS?

I'm really not a programmer, just learning, but was able to bring the system
to its knees. This is a redhat 7.2 kernel. Is there any way of preventing
this?

#include <unistd.h>

void do_fork()
{
pid_t p;

p = fork();
do_fork();
}

void main()
{
for(;;)
do_fork();
}


2002-03-22 15:26:16

by Peter Wächtler

Subject: Re: fork() DoS?

Little, John wrote:

> I'm really not a programmer, just learning, but was able to bring the system
> to its knees. This is a redhat 7.2 kernel. Is there any way of preventing
> this?
>
> #include <unistd.h>
>
> void do_fork()
> {
> pid_t p;
>
> p = fork();
> do_fork();
> }
>
> void main()
> {
> for(;;)
> do_fork();
> }
>

in bash: help ulimit
ulimit: ulimit [-SHacdflmnpstuv] [limit]
    Ulimit provides control over the resources available to processes
    started by the shell, on systems that allow such control. If an
    option is given, it is interpreted as follows:

        -S      use the `soft' resource limit
        -H      use the `hard' resource limit
        -a      all current limits are reported
        -c      the maximum size of core files created
        -d      the maximum size of a process's data segment
        -f      the maximum size of files created by the shell
        -l      the maximum size a process may lock into memory
        -m      the maximum resident set size
        -n      the maximum number of open file descriptors
        -p      the pipe buffer size
        -s      the maximum stack size
        -t      the maximum amount of cpu time in seconds
        -u      the maximum number of user processes

2002-03-22 15:26:26

by Philip R. Auld

Subject: Re: fork() DoS?

"Little, John" wrote:
>
> I'm really not a programmer, just learning, but was able to bring the system
> to its knees. This is a redhat 7.2 kernel. Is there any way of preventing
> this?

Use resource limits on users and don't run fork bombs as root :)

>
> #include <unistd.h>
>
> void do_fork()
> {
> pid_t p;
>
> p = fork();
> do_fork();
> }
>
> void main()
> {
> for(;;)
> do_fork();
> }
>

--
Philip R. Auld, Ph.D. Technical Staff
Egenera Corp. [email protected]
165 Forest St., Marlboro, MA 01752 (508)786-9444

2002-03-24 10:37:11

by Erik Tews

Subject: Re: fork() DoS?

On Fri, Mar 22, 2002 at 09:16:00AM -0600, Little, John wrote:
> I'm really not a programmer, just learning, but was able to bring the system
> to its knees. This is a redhat 7.2 kernel. Is there any way of preventing
> this?

There are some existing kernel patches which limit the number of allowed
forks per second. But there is a much shorter way of launching a
forkbomb:

:(){ :|:&};:

2002-03-24 16:28:39

by Mark Mielke

Subject: Re: fork() DoS?

The simplest way would be to limit _SC_CHILD_MAX. _POSIX_CHILD_MAX
looks like it is only 6. Another way would be to introduce a scheduler
which forced processes/threads owned by the same uid to combat with each
other for a time slice, and each user be given a fair time slice. (A
little more complicated, but probably doable.)

mark


On Sat, Mar 23, 2002 at 11:09:03PM +0100, Erik Tews wrote:
> On Fri, Mar 22, 2002 at 09:16:00AM -0600, Little, John wrote:
> > I'm really not a programmer, just learning, but was able to bring the system
> > to its knees. This is a redhat 7.2 kernel. Is there any way of preventing
> > this?
>
> There are some existing kernel patches which limit the number of allowed
> forks per second. But there is a much shorter way of launching a
> forkbomb:
>
> :(){ :|:&};:

--
[email protected]/[email protected]/[email protected]
Neighbourhood Coder
Ottawa, Ontario, Canada

One ring to rule them all, one ring to find them, one ring to bring them all
and in the darkness bind them...

http://mark.mielke.cc/
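
The per-user process limit suggested in the replies above (`ulimit -u`, i.e. RLIMIT_NPROC) can also be set from C before untrusted code runs. This is an added example, not code posted by anyone in the thread; the names `cap_nproc` and `probe_forks` and the values 64 and 16 are assumptions chosen for illustration.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Lower the soft and hard RLIMIT_NPROC (the value `ulimit -u` sets) for this
 * process and everything it forks or execs afterwards. Returns the limit now
 * in force, or -1 on error. Unprivileged code cannot raise it again. */
long cap_nproc(rlim_t max)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NPROC, &rl) != 0)
        return -1;
    if (rl.rlim_max != RLIM_INFINITY && max > rl.rlim_max)
        max = rl.rlim_max;   /* never try to exceed the existing hard limit */
    rl.rlim_cur = rl.rlim_max = max;
    return setrlimit(RLIMIT_NPROC, &rl) == 0 ? (long)max : -1;
}

/* Bounded probe (hypothetical helper): fork at most `attempts` idle children,
 * stop at the first failed fork() (EAGAIN once the limit is reached), then
 * kill and reap every child. Returns how many forks succeeded. The limit
 * counts all processes of the real UID, not only descendants, and the kernel
 * does not enforce it for root, which is why the advice is per-user limits. */
int probe_forks(int attempts, pid_t *kids)
{
    int n = 0;
    while (n < attempts) {
        pid_t p = fork();
        if (p == 0) { pause(); _exit(0); }   /* child idles until killed */
        if (p < 0) break;                    /* limit hit: fork refused */
        kids[n++] = p;
    }
    for (int i = 0; i < n; i++) {
        kill(kids[i], SIGKILL);
        waitpid(kids[i], NULL, 0);
    }
    return n;
}

int main(void)
{
    pid_t kids[16];
    long lim = cap_nproc(64);                /* 64 is a constructed value */
    int ok = probe_forks(16, kids);
    /* On Linux, sysconf(_SC_CHILD_MAX) reports the soft RLIMIT_NPROC. */
    printf("RLIMIT_NPROC=%ld _SC_CHILD_MAX=%ld forks_ok=%d/16\n",
           lim, sysconf(_SC_CHILD_MAX), ok);
    return lim < 0;
}
```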