Fork bombing a Linux machine as a non-root user

Aleksandar Milivojevic amilivojevic at pbl.ca
Mon Mar 21 16:42:49 UTC 2005


Felipe Alfaro Solana wrote:

> I agree... a fork-bomb is a local attack, which is far more powerful 
> than remote attacks, although fork-bomb can only deny service. Once an 
> attacker gets local access to your machine, you're in a very bad 
> position. One point of defense-in-depth is to keep bad guys from gaining 
> local access.

The fork bomb belongs to "resource attacks".  There are other (just as 
efficient) attacks in this category.  I showed a variation that attacks 
the combination of virtual memory and disk access (actually it is 
attacking disk access, since it really doesn't consume any virtual 
memory).  The fork bomb is hard to perform remotely.  The other attack I 
described (from the same category as the fork bomb) is possible to perform 
remotely, if there is an exploitable application on the system that you can 
force into making the system start swapping aggressively.

So "fork bomb is a local attack" is no excuse for a system not being able to 
defend itself from resource attacks (which is where the specific attack 
called "fork bomb" belongs).

-- 
Aleksandar Milivojevic <amilivojevic at pbl.ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7



