From: Michael Tokarev <mjt@tls.msk.ru>
To: Anand Jahagirdar <anandjigar@gmail.com>
Cc: "Valdis.Kletnieks@vt.edu" <Valdis.Kletnieks@vt.edu>,
linux-kernel@vger.kernel.org
Subject: Re: Fork Bombing Attack
Date: Fri, 18 May 2007 17:07:32 +0400
Message-ID: <464DA514.8030205@msgid.tls.msk.ru>
In-Reply-To: <25ae38200705180413s741cac1bw9fe0dc57cecc2a91@mail.gmail.com>

Anand Jahagirdar wrote:
[]
> I found one more interesting thing on the same machine
> having FC6 distribution and Linux Kernel 2.6.18. I have set "ulimit -u
> 100". After setting this limit I tried to execute fork bombing program
> with guest account. After executing it
>
> expected result:- guest user should not be able to fork another single
> process when it reaches to 100 processes count.
>
> actual result :- kernel allows me to create other processes without
> giving error. Due to this I tried to execute same fork bombing program
> on another terminal with guest account and this fork bombing attack
> killed the box completely and machine needed reboot.

Do you know ulimits are a *process* property, not uid property?
That is, if, in some process of a given user, you set ulimit value,
it does NOT affect other processes of the same user already running
at the same time, but only new processes forked off of this process
where you've set the limit. Limits are inheritable from parent to
child, but not the reverse and especially they don't "migrate" to
"brothers" or "brothers-in-law".

> Will anyone please tell me why this is so?

It's because of the way ulimit works - on Linux and on other systems.
When you set limit of number of processes in some session, you can't
fork more processes *in this session* if total number of processes of
this user is >= the limit value you set. Other sessions are unaffected.

It's unclear what you meant by ``i have set "ulimit -u 100"''.
Where did you set it?

Note also that when you log in (on a terminal, or over ssh, or using su
command), the limits are usually set to whatever is specified for that user
in /etc/security/limits.conf - so for example, if you set a limit and
use su to change uid, your limit is reset.

/mjt
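
The inheritance rule described in this reply, as an added C example that is not part of the original message: one child lowers its own RLIMIT_NPROC soft limit (the value behind `ulimit -u`), and the limit is then read in that child's own child, in a sibling's child, and in the parent. The helper names `nproc_soft`, `lowered_value` and `limit_seen_below` are made up for this illustration, and the limit is lowered by one rather than to 100 so the example's own forks cannot run into it.

```c
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Soft RLIMIT_NPROC of the calling process: the value "ulimit -u" prints. */
static rlim_t nproc_soft(void) {
    struct rlimit rl;
    getrlimit(RLIMIT_NPROC, &rl);
    return rl.rlim_cur;
}

/* One below the current soft limit (a large finite value if unlimited). */
static rlim_t lowered_value(void) {
    rlim_t cur = nproc_soft();
    return cur == RLIM_INFINITY ? (rlim_t)1 << 20 : cur - 1;
}

/* Fork a child that lowers its own soft limit (if lower_to != NULL) and then
 * forks a grandchild; *seen gets the limit the grandchild reports. 0 = ok. */
static int limit_seen_below(const rlim_t *lower_to, rlim_t *seen) {
    int fd[2];
    if (pipe(fd) != 0) return -1;
    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) {
        struct rlimit rl;
        getrlimit(RLIMIT_NPROC, &rl);
        if (lower_to) rl.rlim_cur = *lower_to;      /* affects this process only */
        if (setrlimit(RLIMIT_NPROC, &rl) != 0) _exit(1);
        pid_t gc = fork();
        if (gc > 0) { waitpid(gc, NULL, 0); _exit(0); }  /* child: reap and leave */
        if (gc < 0) _exit(1);
        rlim_t v = nproc_soft();                    /* grandchild: inherited value */
        _exit(write(fd[1], &v, sizeof v) == (ssize_t)sizeof v ? 0 : 1);
    }
    close(fd[1]);                                   /* parent keeps the read end */
    ssize_t n = read(fd[0], seen, sizeof *seen);
    close(fd[0]);
    waitpid(child, NULL, 0);
    return n == (ssize_t)sizeof *seen ? 0 : -1;
}

int main(void) {
    rlim_t low = lowered_value(), a = 0, b = 0;
    if (limit_seen_below(&low, &a) || limit_seen_below(NULL, &b)) return 1;
    printf("under lowered child: %llu\nunder sibling: %llu\nparent afterwards: %llu\n",
           (unsigned long long)a, (unsigned long long)b, (unsigned long long)nproc_soft());
    return 0;
}
```

Only the first line of output shows the lowered value; the sibling's branch and the parent still report the limit the parent started with.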