Hi,

On Wed, Jun 8, 2011 at 10:01 AM, Amar Akshat <amar.aks...@gmail.com> wrote:

> Hi All,
>
> I have been lately disturbed by my fellow novice intern admins who have
> been granted super user privileges. They are all trying the kiddish stuff and it
> upsets the environment, and moreover I am unable to hang around and see
> what is happening and fix that.
>
> Lately some of them have discovered "fork bomb", example
>
> :(){ :|: & };:
>
>
> and this works in my personal Ubuntu v-machines. I have figured out that if
> run as root, this would keep on exhausting memory and system ultimately
> goes down very slow.
>
> Is there a way we can tweak the ulimit - user limit for all users.
> http://www.linuxforums.org/forum/security/90836-user-limits-linux.html -
> wasn't so helpful.
>

Try 'setrlimit' to set RLIMIT_NPROC to some agreeable value. NPROC is the
number of processes a user can create. Limiting them will at least leave you
with enough resources to start a shell and kill the offending process (bash
in this case).
ulimit will not work if you don't have pam_limits module for your kernel
(it's not built by default). Try loading pam_limits module manually and see
if the limits in /etc/security/limits.conf are honored then.

There is no definite solution to preventing a fork_bomb as such, but patches
like this http://grsecurity.net/ may help you find which user started the
fork bomb, though it might be overkill for single user systems.

>
> So typically in our environment, we all login as personal user (eg.
> amarakshat) and then we do #sudo su - to become root. However root is still
> logged in via a user, and if I can limit the user's memory, I can limit the
> maximum memory this "FORK BOMB" can consume.
>

A fork bomb creates a large number of processes thereby draining the system's
resources. Even if it is using a very small memory footprint, the sheer
number of processes will always make your OS stall. Instead, you need to put
a limit on the number of processes a user can create, somewhere around
200-400 is a decent range.

>
> Any comments ?
> --
> Amar Akshat
> Wells Fargo
>
> "Real Programmers always confuse Christmas and Halloween because Oct31 ==
> Dec25."
> _______________________________________________
> Ilugd mailing list
> Ilugd@lists.linux-delhi.org
> http://frodo.hserus.net/mailman/listinfo/ilugd
>



-- 
Ankit Chaturvedi
GPG: 05DE FDC5 468B 7D9F 9F45 72F1 F7B9 9E16 ECA2 CC23
<http://www.google.com/profiles/ankit.chaturvedi>
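The setrlimit/RLIMIT_NPROC suggestion from the reply above, as an added example that is not part of the original mail: a throwaway child caps its process count and then attempts a small, bounded number of forks to see where the kernel starts refusing them. The names cap_nproc and probe_nproc are hypothetical, and 300 is simply picked from the 200-400 range in the reply. On Linux, setrlimit(2) documents that RLIMIT_NPROC is not enforced for processes holding CAP_SYS_ADMIN or CAP_SYS_RESOURCE, so run as root the probe reports every fork succeeding.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Cap RLIMIT_NPROC (soft and hard) for the calling process and its
 * descendants. The value is clamped to the current hard limit. */
int cap_nproc(rlim_t n)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NPROC, &rl) != 0) return -1;
    if (n > rl.rlim_max) n = rl.rlim_max;
    rl.rlim_cur = rl.rlim_max = n;
    return setrlimit(RLIMIT_NPROC, &rl);
}

/* In a throwaway child: apply the cap, then attempt at most max_try forks.
 * Returns how many succeeded before fork() was refused, or -1 on error.
 * max_try is limited to 100 so the count fits in an exit status. */
int probe_nproc(rlim_t n, int max_try)
{
    if (max_try < 0 || max_try > 100) return -1;
    pid_t probe = fork();
    if (probe < 0) return -1;
    if (probe == 0) {
        pid_t kids[100];
        int ok = 0;
        if (cap_nproc(n) != 0) _exit(255);
        while (ok < max_try) {
            pid_t k = fork();
            if (k < 0) break;                  /* refused: EAGAIN at the limit */
            if (k == 0) { pause(); _exit(0); } /* idle until the probe kills it */
            kids[ok++] = k;
        }
        for (int i = 0; i < ok; i++) { kill(kids[i], SIGKILL); waitpid(kids[i], NULL, 0); }
        _exit(ok);
    }
    int st;
    if (waitpid(probe, &st, 0) < 0 || !WIFEXITED(st) || WEXITSTATUS(st) == 255) return -1;
    return WEXITSTATUS(st);
}

int main(void)
{
    printf("uid %d: %d of 8 forks succeeded under nproc=300\n", (int)getuid(), probe_nproc(300, 8));
    return 0;
}
```

The limit counts every process owned by the real UID, so an unprivileged account that already runs more than 300 processes will see 0 here.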