LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 12-12-2010, 12:47 AM   #1
Kenny_Strawn
Senior Member
 
Registered: Feb 2010
Location: /usa/ca/orange_county/lake_forest
Distribution: ArchBang, Google Android 2.1 + Motoblur (on Motortola Flipside), Google Chrome OS (on Cr-48)
Posts: 1,791
Blog Entries: 62

Rep: Reputation: 54
Fork bombs can also very easily be standalone shell scripts


https://bugs.launchpad.net/ubuntu/+s...sh/+bug/689176
 
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 12-12-2010, 02:47 AM   #2
allend
Senior Member
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 3,288

Rep: Reputation: 802Reputation: 802Reputation: 802Reputation: 802Reputation: 802Reputation: 802Reputation: 802
For other languages and mitigation see http://en.wikipedia.org/wiki/Fork_bomb
 
Old 12-12-2010, 05:01 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,534
Blog Entries: 51

Rep: Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604
Fork bombs are a problem but it's an old problem so I modded this threads title and removed the slightly alarmist "Security alert" part which we should reserve for threats with a higher priority.
 
Old 12-12-2010, 09:48 PM   #4
Kenny_Strawn
Senior Member
 
Registered: Feb 2010
Location: /usa/ca/orange_county/lake_forest
Distribution: ArchBang, Google Android 2.1 + Motoblur (on Motortola Flipside), Google Chrome OS (on Cr-48)
Posts: 1,791
Blog Entries: 62

Original Poster
Rep: Reputation: 54
You're missing the point. The file I attached is named forkbomb.sh (and it was a test script) with the following code inside it:

Code:
#!/bin/bash

./forkbomb.sh|./forkbomb.sh&
What makes this dangerous is that the script (1) can be given a different (even misleading) name and (2) can be crafted to perform highly CPU-intensive tasks (such as opening programs with each instance of itself) or even delete files on top of executing all the instances of itself that it does.
 
0 members found this post helpful.
Old 12-12-2010, 10:25 PM   #5
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Slackware
Posts: 14,880
Blog Entries: 2

Rep: Reputation: 3806Reputation: 3806Reputation: 3806Reputation: 3806Reputation: 3806Reputation: 3806Reputation: 3806Reputation: 3806Reputation: 3806Reputation: 3806Reputation: 3806
Let me see this clear, during your experiments you have discovered that:
  • A shell script can have any name you give it, even if it is a misleading name.
  • A shell script can execute other scripts and programs, even itself.
  • A script can delete files.
And you filed a bug against it. How do you think anyone can get rid of these bugs? What use would a shell script have, if it could not execute other programs or even do such simple actions as deleting files?

I think you didn't get the point here, the bug is in this case not in the computer, but in front of it.
You can get rid of all these bugs with a simple rule of conduct: Don't execute ever a shell script from an untrusted source.
 
3 members found this post helpful.
  


Reply

Tags
apport+bug, i386, natty+narwhal


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Writing Own Shell in Unix using fork,exec,dup etc kk11 Programming 13 12-20-2011 09:34 PM
Fork bombs in C/C++ Kenny_Strawn Programming 3 08-22-2010 06:01 PM
cpanel shell fork bomb liang3391 Linux - Software 1 06-26-2009 10:05 PM
How to ssh from a shell script ? For ppl who can write shell scripts. thefountainhead100 Programming 14 10-22-2008 06:24 AM
Is there a way to easily shutdown a remote linux server with a shell script? bdb4269 Programming 7 01-26-2007 04:08 PM


All times are GMT -5. The time now is 07:16 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration