Old 03-18-2005, 10:15 AM   #1
xgreen
Member
 
Registered: Aug 2003
Distribution: Slackware,Ubuntu
Posts: 389

Rep: Reputation: 30
Security In Slackware??


is this happening to slackware....

http://www.securityfocus.com/columni...8?ref=rssdebia
 
Old 03-18-2005, 10:32 AM   #2
xgreen
Member
 
Registered: Aug 2003
Distribution: Slackware,Ubuntu
Posts: 389

Original Poster
Rep: Reputation: 30
i've tried this in shell as normal user (from slashdot)

:(){ :&:;};:

and my slackware go slow and slow and slow and finally hang!!!!!
 
Old 03-18-2005, 11:40 AM   #3
keefaz
Senior Member
 
Registered: Mar 2004
Distribution: Slackware
Posts: 4,614

Rep: Reputation: 136
You could set the limit in /etc/login.defs at ULIMIT value, something like 524288
(as it is in 512-byte units, 524288/512 = 1024 processes)
 
Old 03-18-2005, 12:39 PM   #4
chbin
Member
 
Registered: Mar 2005
Distribution: slackware-current
Posts: 379

Rep: Reputation: 31
I don't get it? I could not find anything at that site? I'm guessing it has something to do with a user using up all the mem and cpu time of the system?

What is such a big deal of a user being able to slow down a machine? All they would have to do is keep opening up processes that they have permission to, or open really big files that they have permission to and eat all the memory. It's called the user using the system. They can't gain any elevated privileges by doing this. If the Admin doesn't like this which he will find out very quickly he just takes about the user's account. How is that different than any other OS in the world. Seems kinda like a desperate person trying to find something?
 
Old 03-18-2005, 01:02 PM   #5
keefaz
Senior Member
 
Registered: Mar 2004
Distribution: Slackware
Posts: 4,614

Rep: Reputation: 136
This is rather a bug in awstats.pl that executes code from values in url
(awstats.pl is a tool for web admin / ISP to do statistics for web usage)
This should have been fixed in newer version
 
Old 03-18-2005, 03:45 PM   #6
mcd
Member
 
Registered: Aug 2003
Location: Boulder, CO
Distribution: Slackware, RHEL, CentOS
Posts: 825

Rep: Reputation: 33
so is there a way to protect ourselves against this?
 
Old 03-18-2005, 03:46 PM   #7
sh1ft
Member
 
Registered: Feb 2004
Location: Ottawa, Ontario, Can
Distribution: Slackware, ubuntu
Posts: 391

Rep: Reputation: 31
Don't worry about it if you're a desktop user. It's only relevant if you give other people local or remote access to your box and you suspect they may try malicious activities. Don't get your panties in a knot over it.
 
Old 03-20-2005, 01:12 AM   #8
slakmagik
Senior Member
 
Registered: Feb 2003
Distribution: Slackware
Posts: 4,113

Rep: Reputation: Disabled
I was wondering about this - I'm still playing around in Arch - used the same obfuscated thing above first and then forkbomb.sh - brought Arch to a hard lock almost instantly and had to reset twice. Then I changed the ulimit because I'm quite capable of forkbombing myself if I get stupid with scripting. But as far as a security thing, as someone else said, I can launch a DOS on myself by pulling the cord from the wall and all the ulimits in the world won't fix that. BFD.

*makes note to fix Slack later*
 
Old 03-20-2005, 01:45 AM   #9
carboncopy
Senior Member
 
Registered: Jan 2003
Location: Malaysia
Distribution: Fedora Core, Slackware, Mac OS X, Debian, OpenSUSE
Posts: 1,210
Blog Entries: 4

Rep: Reputation: 45
Quote:
Originally posted by keefaz
You could set the limit in /etc/login.defs at ULIMIT value, something like 524288
(as it is in 512-byte units, 524288/512 = 1024 processes)
The article mentioned that both the shell AND the kernel are set to unlimited processes, which causes the problem.

I believe this would limit the shell, and therefore effectively void the situation.

But, I would like to know how to fix this at kernel level. Anyone?

Thanks.

p.s. It is just for learning, no effective threat to my system, as I am the only user.

Last edited by carboncopy; 03-20-2005 at 01:48 AM.
 
Old 03-27-2005, 01:26 PM   #10
predator.hawk
Member
 
Registered: Aug 2004
Location: USA
Distribution: FreeBSD-5.4-STABLE
Posts: 252

Rep: Reputation: 30
I've tried quite a few limits and nothing so far has prevented a fork bombing. Although it's not a massive problem, it's annoying when your box locks.

Edit: I'd be happy if someone found a fix that didn't require using pam.

Last edited by predator.hawk; 03-27-2005 at 01:28 PM.
 
Old 03-27-2005, 02:13 PM   #11
Ilgar
Member
 
Registered: Jan 2005
Location: Istanbul, Turkey
Distribution: Slackware 14.1, Slackware64 14.1
Posts: 928

Rep: Reputation: 96
Check this one out:
http://gentoo-wiki.com/SECURITY_Limit_User_Processes
 
Old 03-27-2005, 02:25 PM   #12
keefaz
Senior Member
 
Registered: Mar 2004
Distribution: Slackware
Posts: 4,614

Rep: Reputation: 136
You could set the limit for bash and sh (for other shell I don't know) in /etc/profile
like
Code:
...
# For non-root users, add the current directory to the search path:
if [ ! "`id -u`" = "0" ]; then
    PATH="$PATH:."
    ulimit -u 256
fi
[edit]

With 1024 value, this code
Code:
:(){ :&:;};:
...did lock my machine so I set the value to 256 which prevents that

Last edited by keefaz; 03-27-2005 at 02:43 PM.
 
Old 03-27-2005, 06:10 PM   #13
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
i've run the forkbomb.sh example on my slackware box as a non-root user and it slowed the box to a crawl then made it hang to the point where nothing could be done (not even by root) except hit the power button...

Code:
#!/bin/bash
while true; do
./forkbomb.sh &
done
i had "top" running in a terminal when i executed forkbomb.sh and for a couple seconds i was able to see the swap usage skyrocket before "top" segfaulted and then everything else locked-up...

so anyways, i tried setting the ULIMIT in /etc/login.defs but i still get forkbombed...

this is what ULIMIT looks like by default in my /etc/login.defs on my slackware 10.x box:
Code:
#ULIMIT         2097152
when giving the "ulimit" command as a non-root user it would output "unlimited"...

so i changed it to:
Code:
ULIMIT         131072
when i logged back in "ulimit" would output "65536"... i executed forkbomb.sh and again my box almost completely locked-up after a couple seconds...

i have 256 megs of ram and 600 megs of swap...

i read in the article that debian wasn't affected, what is the default configuration that debian uses??? can we replicate it on slackware???

why didn't the change i made to /etc/login.defs prevent the forkbombing??


Last edited by win32sux; 03-27-2005 at 06:15 PM.
 
Old 03-27-2005, 06:25 PM   #14
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
i found another discussion about the article at lwn.net:

http://lwn.net/Articles/128281/
 
Old 03-27-2005, 06:33 PM   #15
keefaz
Senior Member
 
Registered: Mar 2004
Distribution: Slackware
Posts: 4,614

Rep: Reputation: 136
Win32sux, did you try:
ulimit -u 256
before executing your forkbomb.sh script?
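
A check for the mismatch win32sux ran into, added here as an example that is not part of any post: it assumes, as the 131072 to 65536 readings above indicate, that `ULIMIT` in /etc/login.defs sets the file-size limit that a bare `ulimit` prints, while the fork count is governed by `ulimit -u`. The helper names are hypothetical and the sample login.defs text is constructed from the two lines quoted in the thread.

```sh
#!/bin/sh
# Added example: helper names are hypothetical, sample data is constructed.

# Print the active (uncommented) ULIMIT value from login.defs text on stdin.
login_defs_ulimit() {
    found=""
    while read -r key val rest; do
        if [ "$key" = "ULIMIT" ]; then found=$val; fi
    done
    printf '%s\n' "$found"
}

# login.defs ULIMIT is in 512-byte units; `ulimit -f` prints 1024-byte blocks.
units512_to_ulimit_f() {
    echo $(( $1 * 512 / 1024 ))
}

# Succeed only if the process limit $1 is a number no larger than $2.
nproc_is_capped() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;    # "unlimited", "unknown" or empty
    esac
    [ "$1" -le "$2" ]
}

# Report what this shell is really limited to (default threshold: 256).
report_limits() {
    want=${1:-256}
    nproc=$(ulimit -u 2>/dev/null) || nproc=unknown
    fsize=$(ulimit -f 2>/dev/null) || fsize=unknown
    echo "file size limit   (ulimit, ulimit -f): $fsize"
    echo "max user processes        (ulimit -u): $nproc"
    if nproc_is_capped "$nproc" "$want"; then
        echo "OK: process count is capped at or below $want"
    else
        echo "WARNING: process count is not capped at $want"
    fi
}

# Constructed sample matching the two login.defs lines quoted in the thread.
SAMPLE='#ULIMIT         2097152
ULIMIT         131072'
active=$(printf '%s\n' "$SAMPLE" | login_defs_ulimit)
echo "login.defs ULIMIT=$active -> ulimit -f $(units512_to_ulimit_f "$active")"
report_limits 256
```

Run it from a fresh login as the non-root user whose limits matter; the WARNING line means a cap such as the `ulimit -u 256` line in /etc/profile is not in effect for that session.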
 
  


All times are GMT -5.