Fork bombing a Linux machine as a non-root user

Jeff Kinz jkinz at kinz.org
Fri Mar 18 22:14:48 UTC 2005 

On Fri, Mar 18, 2005 at 01:08:31PM -0500, M.Rudra wrote:
> When my Windows system crashed recently, a patient of mine introduced
> me to Linux as a secure OS but today I read an article on fork bombing
> a Linux system.
> 
> http://www.securityfocus.com/columnists/308?ref=rssdebia
> 
> As a non-geek user I am concerned as I thought Linux is very secure. 
> So I googled "fork bombing" and after reading them, I have some doubts :
> 
> 1] Is this applicable to newer version of FC3/4 or will this affect
> older stable versions too.

This is an old old old, (20+ years) issue.  

It Affects All versions of BSD/UNIX/Linux even SCOrch.

It is the responsibility of the local sysadmin to set the per user 
resources limits to the level appropriate for local needs.

To fix this in all versions of BSD/UNIX/Linux even SCOrch:
Put "ulimit -u <N>" in one of the system wide start up scripts.  this
will limit each user to a maximum of "N" processes .

Make N is large enough for each user to run X-windows plus their
applications. 100 will do it for almost everyone.  Its pretty big
without being big enough to let a script run away with the system.

Adjust to fit, YMMV.



> 2] The article mentions Debian survived among others but some of the
> Linux distributions are  vulnerable to fork bombing. Is FC a part of
> the latter ?

Affects ALL *NIX


> 3] If a non -root 'user' can bring down the system, then can a person
> without login facility bring down the system too if the machine is
> connected to the Internet ?.
Not this way.


> 4] What precautions must one take for [a] general PC [b] servers. do
> they differ ?
See Soln. above
> 5] Does one have to download a patch for the kernel ? 
No, See soln above,

If we install an
> older stable version of the distro  will the system be safe from such
> an attack ?
No, See soln above,

-- 
"The only system which is truly secure, is one which is switched off
and unplugged, locked in a titanium lined safe, buried in a concrete
bunker, surrounded by nerve gas and very highly paid armed guards. Even
then, I wouldn't stake my life on it" - Gene Spafford 
(Good thing. the law of unintended consequences: A laptop, w/wireless
NIC and wake on "date" set in the BIOS)

http://kinz.org
http://www.fedoranews.org
Jeff Kinz, Emergent Research, Hudson, MA.

More information about the fedora-list mailing list