Security In Slackware??

win32sux · 03-27-2005, 07:14 PM

Quote:

Originally posted by keefaz
Win32sux, did you try:
ulimit -u 256
before execute your forkbomb.sh script ?

okay, when setting the ulimit like that before executing the script it helps a lot... the system still gets slow, but it doesn't get SO slow and doesn't hang... also, the swap doesn't get touched... i am able to open a terminal, become root, and issue a "killall forkbomb.sh" and make everything come back to normal...

Code:

bash-3.00$ ulimit -a
core file size        (blocks, -c) 0
data seg size         (kbytes, -d) unlimited
data seg size         (kbytes, -d) unlimited
file size             (blocks, -f) unlimited
max locked memory     (kbytes, -l) unlimited
max memory size       (kbytes, -m) unlimited
open files                    (-n) 1024
pipe size          (512 bytes, -p) 8
stack size            (kbytes, -s) unlimited
cpu time             (seconds, -t) unlimited
max user processes            (-u) 2048
virtual memory        (kbytes, -v) unlimited

Code:

bash-3.00$ ulimit -u 256
bash-3.00$ ulimit -a
core file size        (blocks, -c) 0
data seg size         (kbytes, -d) unlimited
file size             (blocks, -f) unlimited
max locked memory     (kbytes, -l) unlimited
max memory size       (kbytes, -m) unlimited
open files                    (-n) 1024
pipe size          (512 bytes, -p) 8
stack size            (kbytes, -s) unlimited
cpu time             (seconds, -t) unlimited
max user processes            (-u) 256
virtual memory        (kbytes, -v) unlimited

by doing a "ulimit -u 128" the performance hit of the forkbomb was even lighter...

the problem is that this is all done by the non-root user... and obviously someone with bad intentions wouldn't ulimit themselves... so my question now is:

how can *root* set the max ulimit for all the non-root users on slackware??

i'm thinking that maybe adding a ulimit command to the /etc/X11/xinit/xinitrc file might limit the amount of processs spawned in the X session?? what do you think??

what about remote ssh logins and local runlevel 3 logins??

egag · 03-27-2005, 07:22 PM

mayby you can put it in /etc/profile ?

egag

egag · 03-27-2005, 07:24 PM

yes , you can....

egag

win32sux · 03-27-2005, 07:31 PM

Quote:

Originally posted by egag
mayby you can put it in /etc/profile ?

would putting it there apply the ulimit to all X sessions, remote ssh logins, and all shells (bash, ksh93, ash, zsh, tcsh, etc.)???

win32sux · 03-27-2005, 07:35 PM

the guy that wrote the article said:

Quote:

I'll quickly mention here that Debian did not suffer the same fate as the others; congrats to the Debian development team.

what ulimit method does debian use??

egag · 03-27-2005, 07:39 PM

well...anyone who logs in get's bash.
if there's a way around that, you can remove the other shells.

but i wonder if the x-session would be limited.

maybe try to run the " evil-script" from the menu and see what happens. ?
( i don't have that script here..... )

egag

egag · 03-27-2005, 07:42 PM

oh...i managed to burn debian on 7 cd's once.
didn't come any further than that.

egag

egag · 03-27-2005, 07:50 PM

.......don't worry about X, as any script needs bash to be executed ..

so i think it's fine to put " ulimit -u 128 " ( or so ) in /etc/profile.

....and the article in the firs post,......just making a lot of fuzz about nothing.
probably written by a M$-developer.

egag

win32sux · 03-27-2005, 08:11 PM

cool... i'm gonna try it and see...

meanwhile, i've opened a thread in the debian forum asking what ulimit configuration debian uses:

http://www.linuxquestions.org/questi...hreadid=306802