Fork bombing a Linux machine as a non-root user

Scot L. Harris webid at cfl.rr.com
Fri Mar 18 19:24:56 UTC 2005


On Fri, 2005-03-18 at 13:23, Matthew Miller wrote:
> On Fri, Mar 18, 2005 at 01:08:31PM -0500, M.Rudra wrote:
> > As a non-geek user I am concerned as I thought Linux is very secure. 
> > So I googled "fork bombing" and after reading them, I have some doubts :
> 
> This isn't really a general security issue. If a user on your system does
> this, find them and (metaphorically) smack them around.
> 
> If you want to prevent this from happening accidentally, or if you have a
> critical server with users you don't trust (a situation to be avoided!) you
> can _reduce_ the chances of something like this happening by configuring
> resource limits, but since all computers do have finite resources, it's hard
> to have a generally-useful shared machine without some possibility of
> someone going out of their way to use more than their share.

This is the wrong approach.  A user level account should not be allowed
to consume resources to the point that the whole system crashes.

Per the article, this is an old trick that was fixed in many different
versions of Unix.  There should be limits on the resources a user
process can request, or at least throttling so that once a certain
threshold is reached the user process does not get any more until it
releases some.

A similar limit is placed on a user allocating disk space.  The system
reserves about 5% of the disk which only root can use.  This prevents
someone from eating all of /tmp or some other file system and preventing
root from being able to execute programs that require some disk
resources, possibly while trying to fix the problem the user process
created.

While this is not an exploit that results in root level access it is a
denial of service that could be used by anyone that achieves user level
access to a system.  And users should never be trusted. They will find
some way to mess things up.  :)

Definitely something that should be fixed.

-- 
Scot L. Harris
webid at cfl.rr.com

Those who can, do; those who can't, write.
Those who can't write work for the Bell Labs Record. 
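The throttling Scot describes is exactly what the per-user process limit (RLIMIT_NPROC, `ulimit -u`, the `nproc` entry in /etc/security/limits.conf) provides: once a uid owns its allowed number of processes, fork() is refused with EAGAIN until some of them exit. The program below is an added example by the editor, not code from this message, from Fedora or from the linked article. It clamps its own RLIMIT_NPROC to a small value, forks idle children until the kernel refuses, reaps them, and shows that fork() works again afterwards. The limit of 48, the safety cap HARD_CAP of 96 and the function names are the example's own choices; the cap exists so the demo can never turn into the fork bomb it illustrates, which matters because root (CAP_SYS_RESOURCE) is exempt from RLIMIT_NPROC and would otherwise never be refused.

```c
/* nproc_limit_demo.c - added example: RLIMIT_NPROC containing runaway
 * process creation.  Build: cc -Wall -o nproc_limit_demo nproc_limit_demo.c
 * Run as an ordinary user; root is exempt from this limit. */
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Upper bound on children this demo will ever create (an assumption of the
 * example), so it stops even when the kernel never refuses a fork. */
#define HARD_CAP 96

/* Clamp this process's RLIMIT_NPROC (soft and hard) to `nproc`, or to the
 * existing hard limit if that is already lower: an unprivileged process may
 * lower a hard limit but never raise it.  Returns the limit in force, or 0
 * on error. */
static long apply_nproc_limit(long nproc)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NPROC, &rl) != 0)
        return 0;
    rlim_t want = (rlim_t)nproc;
    if (rl.rlim_max < want)
        want = rl.rlim_max;
    rl.rlim_cur = want;
    rl.rlim_max = want;
    if (setrlimit(RLIMIT_NPROC, &rl) != 0)
        return 0;
    return (long)want;
}

/* Fork idle children until fork() fails or `cap` is reached.  Returns how
 * many were created; *fail_errno receives the errno of the refused fork
 * (EAGAIN when the uid is at its process limit), or 0 if the cap came first. */
static int fork_until_refused(pid_t *pids, int cap, int *fail_errno)
{
    int n = 0;
    *fail_errno = 0;
    while (n < cap) {
        pid_t pid = fork();
        if (pid < 0) {
            *fail_errno = errno;
            break;
        }
        if (pid == 0) {           /* child: sleep until the parent kills it */
            for (;;)
                pause();
        }
        pids[n++] = pid;
    }
    return n;
}

/* Kill and reap every child; the uid's process count drops as each one
 * is reaped, which is what lets the user fork again. */
static void release_children(pid_t *pids, int n)
{
    for (int i = 0; i < n; i++)
        kill(pids[i], SIGKILL);
    for (int i = 0; i < n; i++)
        waitpid(pids[i], NULL, 0);
}

/* Run the demonstration under a per-user limit of `nproc` processes.
 * *children = forks that succeeded, *fail_errno = why the next one was
 * refused (0 if HARD_CAP was reached first), *again_ok = 1 if a fork
 * succeeds after the children are released.  Returns 0, or -1 if the
 * limit could not be applied. */
int demo_nproc_limit(long nproc, int *children, int *fail_errno, int *again_ok)
{
    pid_t pids[HARD_CAP];
    *children = 0;
    *fail_errno = 0;
    *again_ok = 0;
    if (apply_nproc_limit(nproc) == 0)
        return -1;
    *children = fork_until_refused(pids, HARD_CAP, fail_errno);
    release_children(pids, *children);

    /* Throttling, not a permanent ban: once processes exit, forks work again. */
    pid_t pid = fork();
    if (pid == 0)
        _exit(0);
    if (pid > 0) {
        waitpid(pid, NULL, 0);
        *again_ok = 1;
    }
    return 0;
}

int main(void)
{
    int children, err, again;
    if (demo_nproc_limit(48, &children, &err, &again) != 0) {
        perror("setrlimit(RLIMIT_NPROC)");
        return 1;
    }
    printf("uid %u: %d children created before fork() was refused (%s)\n",
           (unsigned)getuid(), children,
           err ? strerror(err) : "never refused, HARD_CAP reached");
    printf("fork() after releasing them: %s\n", again ? "succeeds" : "still refused");
    if (geteuid() == 0)
        puts("note: root is exempt from RLIMIT_NPROC; rerun as an ordinary user");
    return 0;
}
```

Two caveats a practitioner will hit: RLIMIT_NPROC counts every process owned by the real uid on the whole system, not just the children of this program, so the number of successful forks is the limit minus whatever the user already has running; and a limit set with `ulimit -u` in a shell, or with `setrlimit()` as here, only binds that process tree, so the system-wide version of the fix is a `hard nproc` line in /etc/security/limits.conf applied by pam_limits at login. The disk-side counterpart Scot mentions is the ext2/ext3 reserved-block percentage, adjustable with `tune2fs -m`.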