Fork bombing a Linux machine as a non-root user

Felipe Alfaro Solana lkml at mac.com
Mon Mar 21 17:35:42 UTC 2005


On 21 Mar 2005, at 17:42, Aleksandar Milivojevic wrote:

> Felipe Alfaro Solana wrote:
>
>> I agree... a fork-bomb is a local attack, which is far more powerful 
>> than remote attacks, although fork-bomb can only deny service. Once 
>> an attacker gets local access to your machine, you're in a very bad 
>> position. One point of defense-in-depth is to keep bad guys from 
>> gaining local access.
>
> The fork bomb belongs to "resource attacks".  There are other (just as 
> efficient) attacks in this category.  I showed variation that attacks 
> the combination of virtual memory and disk access (actually it is 
> attacking disk access, since it really doesn't consume any virtual 
> memory).  The fork bomb is hard to perform remotely.  The other attack 
> I described (from same category as fork bomb) is possible to perform 
> remotely, if there is exploitable application on the system that you 
> can force into making the system to start swapping aggressively.
>
> So "fork bomb is local attack" is no excuse for system not being able 
> to defend itself from resources attacks (which is where specific attack 
> called "fork bomb" belongs).

I agree... and that's why I usually run Bastille Linux on all my machines 
(one of the things Bastille can do is impose some limits on system 
resource usage).



