From: Michael Buesch <fsdeveloper@yahoo.de>
To: Ryan Underwood <nemesis-lists@icequake.net>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Forking shell bombs
Date: Wed, 9 Jul 2003 13:36:03 +0200 [thread overview]
Message-ID: <200307091336.12271.fsdeveloper@yahoo.de> (raw)
In-Reply-To: <20030708202819.GM1030@dbz.icequake.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tuesday 08 July 2003 22:28, Ryan Underwood wrote:
> Hi,
>
> > That's what per-user process limits are for. Doesn't matter if it's a
> > shellscript or something else; any system without limits set is
> > vulnerable.
>
> I agree, but it would also be nice to have a way to clean up after the
> fact without giving up the box. My limit is set at 2047 processes
> which, while being a lot, doesn't seem like enough to guarantee a dead
> box. (Don't many busy systems have more than this number running at any
> given time?)
>
> > It's a base redhat kernel, after the cannot allocate memory, my system
> > returned to normal operation and it didnt die.
> > Is this the type of behavior you were looking for? or am i off base?
> >
> > Linux sloth 2.4.20-8 #1 Thu Mar 13 17:54:28 EST 2003 i686 i686 i386
> > GNU/Linux
> >
> > $ :(){ :|:&};:
> > [1] 3071
> >
> > $
> > [1]+ Done : | :
> >
> > $ -bash: fork: Cannot allocate memory
> > -bash: fork: Cannot allocate memory
> > -bash: fork: Cannot allocate memory
> > -bash: fork: Cannot allocate memory
>
> Nope, on my system running stock 2.4.21, after hitting enter, wait about 2
> seconds, and the system is frozen. Telnet connects but never gets a
> shell. None of the SysRq process-killing combos have any effect. After
> a few failed killalls (which eventually killed the one shell I was able
> to get), and Alt-SysRq-S never completing the sync, I gave up and
> Alt-SysRq-B.
>
> What does ulimit -u say on your system? 2047 on mine.
mb@lfs:~> ulimit -u
2047
my system doesn't freeze.
It becomes _very_ slow, but I can kill the forking processes.
After killing, the system runs just fine.
I'm using 2.4.21.
- --
Regards Michael Buesch
http://www.8ung.at/tuxsoft
13:34:31 up 12 min, 2 users, load average: 1.32, 1.22, 0.74
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE/C/4soxoigfggmSgRAjRDAJ9lH45Hr0LoAJTLwG4/Xlo6a2pE7ACeMUVl
ITJ5Tucg2LLpYqkQ2Vk/dmY=
=qCMR
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2003-07-09 11:22 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20030708193401.24226.95499.Mailman@lists.us.dell.com>
2003-07-08 20:28 ` Forking shell bombs Ryan Underwood
2003-07-08 20:37 ` vlad
2003-07-08 20:43 ` jhigdon
2003-07-08 21:25 ` Ryan Underwood
2003-07-08 22:43 ` Sir Ace
2003-07-09 15:07 ` David Ford
2003-07-09 21:10 ` Ryan Underwood
2003-07-13 9:10 ` Riley Williams
2003-07-13 9:40 ` Jan-Benedict Glaw
2003-07-13 14:17 ` Gene Heskett
2003-07-08 21:59 ` system_lists
2003-07-08 17:18 ` Max Valdez
2003-07-08 22:25 ` Alan Cox
2003-07-08 22:26 ` Svein Ove Aas
2003-07-08 22:51 ` Ryan Underwood
2003-07-10 12:32 ` Luiz Capitulino
2003-07-08 23:05 ` Wakko Warner
2003-07-09 11:36 ` Michael Buesch [this message]
2003-07-09 11:05 Arvind Kandhare
-- strict thread matches above, loose matches on Subject: below --
2003-07-08 22:26 Perez-Gonzalez, Inaky
2003-07-08 18:45 Ryan Underwood
2003-07-08 18:55 ` Charles Cazabon
2003-07-08 22:01 ` Alan Cox
2003-07-08 19:23 ` jhigdon
2003-07-08 20:35 ` vlad
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200307091336.12271.fsdeveloper@yahoo.de \
--to=fsdeveloper@yahoo.de \
--cc=linux-kernel@vger.kernel.org \
--cc=nemesis-lists@icequake.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox