From: Michael Buesch <fsdeveloper@yahoo.de>
To: Ryan Underwood <nemesis-lists@icequake.net>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Forking shell bombs
Date: Wed, 9 Jul 2003 13:36:03 +0200 [thread overview]
Message-ID: <200307091336.12271.fsdeveloper@yahoo.de> (raw)
In-Reply-To: <20030708202819.GM1030@dbz.icequake.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tuesday 08 July 2003 22:28, Ryan Underwood wrote:
> Hi,
>
> > That's what per-user process limits are for. Doesn't matter if it's a
> > shellscript or something else; any system without limits set is
> > vulnerable.
>
> I agree, but it would also be nice to have a way to clean up after the
> fact without giving up the box. My limit is set at 2047 processes
> which, while being a lot, doesn't seem like enough to guarantee a dead
> box. (Don't many busy systems have more than this number running at any
> given time?)
>
> > It's a base redhat kernel, after the cannot allocate memory, my system
> > returned to normal operation and it didnt die.
> > Is this the type of behavior you were looking for? or am i off base?
> >
> > Linux sloth 2.4.20-8 #1 Thu Mar 13 17:54:28 EST 2003 i686 i686 i386
> > GNU/Linux
> >
> > $ :(){ :|:&};:
> > [1] 3071
> >
> > $
> > [1]+ Done : | :
> >
> > $ -bash: fork: Cannot allocate memory
> > -bash: fork: Cannot allocate memory
> > -bash: fork: Cannot allocate memory
> > -bash: fork: Cannot allocate memory
>
> Nope, on my system running stock 2.4.21, after hitting enter, wait about 2
> seconds, and the system is frozen. Telnet connects but never gets a
> shell. None of the SysRq process-killing combos have any effect. After
> a few failed killalls (which eventually killed the one shell I was able
> to get), and Alt-SysRq-S never completing the sync, I gave up and
> Alt-SysRq-B.
>
> What does ulimit -u say on your system? 2047 on mine.
mb@lfs:~> ulimit -u
2047
my system doesn't freeze.
It becomes _very_ slow, but I can kill the forking processes.
After killing, the system runs just fine.
I'm using 2.4.21.
- --
Regards Michael Buesch
http://www.8ung.at/tuxsoft
13:34:31 up 12 min, 2 users, load average: 1.32, 1.22, 0.74
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE/C/4soxoigfggmSgRAjRDAJ9lH45Hr0LoAJTLwG4/Xlo6a2pE7ACeMUVl
ITJ5Tucg2LLpYqkQ2Vk/dmY=
=qCMR
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2003-07-09 11:22 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20030708193401.24226.95499.Mailman@lists.us.dell.com>
2003-07-08 20:28 ` Forking shell bombs Ryan Underwood
2003-07-08 20:37 ` vlad
2003-07-08 20:43 ` jhigdon
2003-07-08 21:25 ` Ryan Underwood
2003-07-08 22:43 ` Sir Ace
2003-07-09 15:07 ` David Ford
2003-07-09 21:10 ` Ryan Underwood
2003-07-13 9:10 ` Riley Williams
2003-07-13 9:40 ` Jan-Benedict Glaw
2003-07-13 14:17 ` Gene Heskett
2003-07-08 21:59 ` system_lists
2003-07-08 17:18 ` Max Valdez
2003-07-08 22:25 ` Alan Cox
2003-07-08 22:26 ` Svein Ove Aas
2003-07-08 22:51 ` Ryan Underwood
2003-07-10 12:32 ` Luiz Capitulino
2003-07-08 23:05 ` Wakko Warner
2003-07-09 11:36 ` Michael Buesch [this message]
2003-07-09 11:05 Arvind Kandhare
-- strict thread matches above, loose matches on Subject: below --
2003-07-08 22:26 Perez-Gonzalez, Inaky
2003-07-08 18:45 Ryan Underwood
2003-07-08 18:55 ` Charles Cazabon
2003-07-08 22:01 ` Alan Cox
2003-07-08 19:23 ` jhigdon
2003-07-08 20:35 ` vlad
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200307091336.12271.fsdeveloper@yahoo.de \
--to=fsdeveloper@yahoo.de \
--cc=linux-kernel@vger.kernel.org \
--cc=nemesis-lists@icequake.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.