Debian's Fork Bomb Prevention / ULIMIT

win32sux · 03-27-2005, 08:06 PM

i just read an article about forkbombing... debian passed the test, but other distros didn't...

Quote:

I'll quickly mention here that Debian did not suffer the same fate as the others; congrats to the Debian development team.

http://www.securityfocus.com/columnists/308

i'd like to know what (configuration) steps debian takes to have this great behaviour by default, and how the equivalent can be accomplished on other distros (in my case slackware)...

the following script (forkbomb.sh) will take-down my slackware box when run as a non-root user:

Code:

#!/bin/bash
while true; do
./forkbomb.sh &
done

if i do (as the non-root user) something like a "ulimit -u 128" (slackware's default seems to be 2048) before executing the script then the impact is not so high and my box won't go down, but i'd like to know how root can apply a system-wide limit (that can't be changed by non-root users) in the same manner debian does (according to the article)...

any input would be greatly appreciated...

=)

DaWallace · 03-27-2005, 09:24 PM

I too, would LOVE to know this. although I'm not really vulnerable to users trying to take down my system, I'm not going to make the mistake of ignoring potential problems.

JordanH · 03-27-2005, 10:57 PM

I just did a few quick tests of this on RHEL 4 on VMWare (since I've never tried Debian). The first test ran within a terminal in Gnome and eventually it ran out of memory. The system terminated some processes and I suspect it took out X or Gnome and X restarted... no problems. The second time around, I ran it straight from the console and after 15 or 30 minutes, it was still running with memory errors showing up all over the place.

I adjusted the /etc/security/limits.conf file and added the line
MrUser hard nproc 128
Does Debian have a system wide limits.conf file as well?