LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 12-12-2010, 01:47 AM   #1
Kenny_Strawn
Senior Member
 
Registered: Feb 2010
Location: /usa/ca/orange_county/lake_forest
Distribution: ArchBang, Google Android 2.1 + Motoblur (on Motortola Flipside), Google Chrome OS (on Cr-48)
Posts: 1,791
Blog Entries: 62

Rep: Reputation: 55
Fork bombs can also very easily be standalone shell scripts


https://bugs.launchpad.net/ubuntu/+s...sh/+bug/689176
 
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 12-12-2010, 03:47 AM   #2
allend
Senior Member
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 3,520

Rep: Reputation: 876Reputation: 876Reputation: 876Reputation: 876Reputation: 876Reputation: 876Reputation: 876
For other languages and mitigation see http://en.wikipedia.org/wiki/Fork_bomb
 
Old 12-12-2010, 06:01 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,777
Blog Entries: 54

Rep: Reputation: 2978Reputation: 2978Reputation: 2978Reputation: 2978Reputation: 2978Reputation: 2978Reputation: 2978Reputation: 2978Reputation: 2978Reputation: 2978Reputation: 2978
Fork bombs are a problem but it's an old problem so I modded this threads title and removed the slightly alarmist "Security alert" part which we should reserve for threats with a higher priority.
 
Old 12-12-2010, 10:48 PM   #4
Kenny_Strawn
Senior Member
 
Registered: Feb 2010
Location: /usa/ca/orange_county/lake_forest
Distribution: ArchBang, Google Android 2.1 + Motoblur (on Motortola Flipside), Google Chrome OS (on Cr-48)
Posts: 1,791
Blog Entries: 62

Original Poster
Rep: Reputation: 55
You're missing the point. The file I attached is named forkbomb.sh (and it was a test script) with the following code inside it:

Code:
#!/bin/bash

./forkbomb.sh|./forkbomb.sh&
What makes this dangerous is that the script (1) can be given a different (even misleading) name and (2) can be crafted to perform highly CPU-intensive tasks (such as opening programs with each instance of itself) or even delete files on top of executing all the instances of itself that it does.
 
0 members found this post helpful.
Old 12-12-2010, 11:25 PM   #5
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,653
Blog Entries: 2

Rep: Reputation: 4096Reputation: 4096Reputation: 4096Reputation: 4096Reputation: 4096Reputation: 4096Reputation: 4096Reputation: 4096Reputation: 4096Reputation: 4096Reputation: 4096
Let me see this clear, during your experiments you have discovered that:
  • A shell script can have any name you give it, even if it is a misleading name.
  • A shell script can execute other scripts and programs, even itself.
  • A script can delete files.
And you filed a bug against it. How do you think anyone can get rid of these bugs? What use would a shell script have, if it could not execute other programs or even do such simple actions as deleting files?

I think you didn't get the point here, the bug is in this case not in the computer, but in front of it.
You can get rid of all these bugs with a simple rule of conduct: Don't execute ever a shell script from an untrusted source.
 
3 members found this post helpful.
  


Reply

Tags
apport+bug, i386, natty+narwhal


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Writing Own Shell in Unix using fork,exec,dup etc kk11 Programming 13 12-20-2011 10:34 PM
Fork bombs in C/C++ Kenny_Strawn Programming 3 08-22-2010 07:01 PM
cpanel shell fork bomb liang3391 Linux - Software 1 06-26-2009 11:05 PM
How to ssh from a shell script ? For ppl who can write shell scripts. thefountainhead100 Programming 14 10-22-2008 07:24 AM
Is there a way to easily shutdown a remote linux server with a shell script? bdb4269 Programming 7 01-26-2007 05:08 PM


All times are GMT -5. The time now is 03:57 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration