Re: defend from -> :() { :&:; } ;:
Mike Jeays wrote: Please do not try to execute this: :() { :&:; } ;: on your BSD machine. What does it do? It is easier to understand when you replace the ":" by a more conventional subroutine name. myproc () { myproc & myproc } myproc It recursively generates useless processes that clog up the machine. Mine ground to a halt and froze after a few seconds. Interesting, if not annoying ;) Thanks for the explanation, Mike. I edited /etc/login.conf and changed maxproc=unlimited to maxproc=200. Then tried it. Took a second or so to start spewing "Cannot fork: Resource temporarily unavailable". I'd opened a 2nd session, and ps wasn't even able to give me full info on what was happening. Luckily, is was easily interruptible and the system seemed to recover. -Rob ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: defend from -> :() { :&:; } ;:
On Mon, Oct 22, 2007 at 02:25:42PM -0700, Gary Kline wrote: > On Mon, Oct 22, 2007 at 06:44:18PM +0200, Martin Tournoij wrote: > > On Sun 21 Oct 2007 12:10, Danielisz Laszlo wrote: > > > Please do not try to execute this: :() { :&:; } ;: on your BSD machine. > > > I ask all who already tried it how to defend from this? > > > > Wow,, my machine just crashed :-/ > > Does in this work on other OS's as well (ie. GNU/Linux)? Or just > > (Free?)BSD? I really don't feel like crashing another machine right > > now... > > > > Only works in sh, not in csh. > > > > Anyway, this seems to be security/stability issue, maybe a PR is in > > order? > > > > Regards, > > Martin Tournoij > > > If this *is* only a /bin/sh bug, then it maybe time to issue a > PR. Remember that *our* "Bourne" shell is really "a shell" or > ash. I remember hacking on this and playing with it back in tha > late 80's. > > It might be time to use zsh as the FBSD /bin/sh Why bother? It's not a bug, exactly, so much as a nasty trick of the sh syntax. It works just as well in zsh. -- Benjamin A'Lee <[EMAIL PROTECTED]> http://subvert.org.uk/~bma/ "He who breaks a thing to find out how it works has left the path of wisdom." - J.R.R. Tolkien pgp9ySm3UvSpt.pgp Description: PGP signature
Re: defend from -> :() { :&:; } ;:
On Mon, Oct 22, 2007 at 06:44:18PM +0200, Martin Tournoij wrote: > On Sun 21 Oct 2007 12:10, Danielisz Laszlo wrote: > > Please do not try to execute this: :() { :&:; } ;: on your BSD machine. > > I ask all who already tried it how to defend from this? > > Wow,, my machine just crashed :-/ > Does in this work on other OS's as well (ie. GNU/Linux)? Or just > (Free?)BSD? I really don't feel like crashing another machine right > now... > > Only works in sh, not in csh. > > Anyway, this seems to be security/stability issue, maybe a PR is in > order? More likely something's wrong with your system? I tried out the fork bomb on my box, and while it crawled for a while, it came back out fine. Running 6-STABLE. Cheers. -- Jonathan Chen <[EMAIL PROTECTED]> -- Experience is a hard teacher because she gives the test first, the lesson afterwards ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: defend from -> :() { :&:; } ;:
On October 22, 2007 03:58:35 pm Rolf G Nielsen wrote: > Danielisz Laszlo wrote: > > Please do not try to execute this: :() { :&:; } ;: on your BSD machine. > > I ask all who already tried it how to defend from this? > > > > > > > > __ > > Do You Yahoo!? > > Tired of spam? Yahoo! Mail has the best spam protection around > > http://mail.yahoo.com > > ___ > > freebsd-questions@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to > > "[EMAIL PROTECTED]" > > What does it do? It is easier to understand when you replace the ":" by a more conventional subroutine name. myproc () { myproc & myproc } myproc It recursively generates useless processes that clog up the machine. Mine ground to a halt and froze after a few seconds. -- Mike Jeays http://www.jeays.ca ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: defend from -> :() { :&:; } ;:
On October 22, 2007 12:44:18 pm Martin Tournoij wrote: > On Sun 21 Oct 2007 12:10, Danielisz Laszlo wrote: > > Please do not try to execute this: :() { :&:; } ;: on your BSD machine. > > I ask all who already tried it how to defend from this? > > Wow,, my machine just crashed :-/ > Does in this work on other OS's as well (ie. GNU/Linux)? Or just > (Free?)BSD? I really don't feel like crashing another machine right > now... > > Only works in sh, not in csh. > > Anyway, this seems to be security/stability issue, maybe a PR is in > order? > > Regards, > Martin Tournoij > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "[EMAIL PROTECTED]" Yes, it brought down my Ubuntu 7.10 system pretty well immediately. I had to reboot. -- Mike Jeays http://www.jeays.ca ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: defend from -> :() { :&:; } ;:
In response to Martin Tournoij <[EMAIL PROTECTED]>: > On Sun 21 Oct 2007 12:10, Danielisz Laszlo wrote: > > Please do not try to execute this: :() { :&:; } ;: on your BSD machine. > > I ask all who already tried it how to defend from this? > > Wow,, my machine just crashed :-/ > Does in this work on other OS's as well (ie. GNU/Linux)? Or just > (Free?)BSD? I really don't feel like crashing another machine right > now... It's a fork bomb. It affects every OS that has fork() or equivalent. > Only works in sh, not in csh. No, it works in csh, the syntax is different. > Anyway, this seems to be security/stability issue, maybe a PR is in > order? No. Research (on your point) into fork bombs and how to configure the system to handle them properly is in order. -- Bill Moran http://www.potentialtech.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: defend from -> :() { :&:; } ;:
On 10/22/07, Martin Tournoij <[EMAIL PROTECTED]> wrote: > On Sun 21 Oct 2007 12:10, Danielisz Laszlo wrote: > > Please do not try to execute this: :() { :&:; } ;: on your BSD machine. > > I ask all who already tried it how to defend from this? > > Wow,, my machine just crashed :-/ > Does in this work on other OS's as well (ie. GNU/Linux)? Or just > (Free?)BSD? I really don't feel like crashing another machine right > now... > > Only works in sh, not in csh. > > Anyway, this seems to be security/stability issue, maybe a PR is in > order? > > Regards, > Martin Tournoij I'm not a sh or bash syntax expert, but isn't this a standard "fork bomb" type command? If so, it should be possible to mitigate it with sensible login tunings set in login.conf (in this particular case, I think "maxprocesses" is the one to focus on). Executing this command on my workstation does not result in any (noticeable) bad side effects under sh or bash login shells - just notifications of "Cannot fork: Resource temporarily unavailable" as the max process limit is hit. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: defend from -> :() { :&:; } ;:
On Mon, Oct 22, 2007 at 06:44:18PM +0200, Martin Tournoij wrote: > On Sun 21 Oct 2007 12:10, Danielisz Laszlo wrote: > > Please do not try to execute this: :() { :&:; } ;: on your BSD machine. > > I ask all who already tried it how to defend from this? > > Wow,, my machine just crashed :-/ > Does in this work on other OS's as well (ie. GNU/Linux)? Or just > (Free?)BSD? I really don't feel like crashing another machine right > now... > > Only works in sh, not in csh. > > Anyway, this seems to be security/stability issue, maybe a PR is in > order? > > Regards, > Martin Tournoij If this *is* only a /bin/sh bug, then it maybe time to issue a PR. Remember that *our* "Bourne" shell is really "a shell" or ash. I remember hacking on this and playing with it back in tha late 80's. It might be time to use zsh as the FBSD /bin/sh gary -- Gary Kline [EMAIL PROTECTED] www.thought.org Public Service Unix http://jottings.thought.org http://transfinite.thought.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: defend from -> :() { :&:; } ;:
Danielisz Laszlo wrote: Please do not try to execute this: :() { :&:; } ;: on your BSD machine. I ask all who already tried it how to defend from this? __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" What does it do? -- Sincerly, Rolf Nielsen ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: defend from -> :() { :&:; } ;:
On Sun, Oct 21, 2007 at 12:10:02PM -0700, Danielisz Laszlo wrote: > Please do not try to execute this: :() { :&:; } ;: on your BSD machine. > I ask all who already tried it how to defend from this? That's just a fork bomb. Try looking at tuning(7) and login.conf(5) to reduce the maxproc limit for users. -- Jonathan Chen <[EMAIL PROTECTED]> -- "With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea. It is hard to be sure where they are going to land, and it could be dangerous sitting under them as they fly overhead." -- RFC 1925 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: defend from -> :() { :&:; } ;:
On Sun, Oct 21, 2007 at 12:10:02PM -0700, Danielisz Laszlo wrote: > Please do not try to execute this: :() { :&:; } ;: on your BSD machine. > I ask all who already tried it how to defend from this? rm /bin/sh ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: defend from -> :() { :&:; } ;:
On Sun 21 Oct 2007 12:10, Danielisz Laszlo wrote: > Please do not try to execute this: :() { :&:; } ;: on your BSD machine. > I ask all who already tried it how to defend from this? Wow,, my machine just crashed :-/ Does in this work on other OS's as well (ie. GNU/Linux)? Or just (Free?)BSD? I really don't feel like crashing another machine right now... Only works in sh, not in csh. Anyway, this seems to be security/stability issue, maybe a PR is in order? Regards, Martin Tournoij ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: defend from -> :() { :&:; } ;
> Please do not try to execute this: :() { :&:; } ;: on your BSD machine. > I ask all who already tried it how to defend from this? man login.conf Josh ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: defend from -> :() { :&:; } ;:
In response to Danielisz Laszlo <[EMAIL PROTECTED]>: > Please do not try to execute this: :() { :&:; } ;: on your BSD machine. Why not? It's just a fork() bomb. > I ask all who already tried it how to defend from this? Defend from what? Make a policy that form() bombs are not funny and launching them is grounds for account termination. Then terminate the account of anyone who does it. Or put appropriate ulimits in place to lessen the impact. In any event, a user can bog down a system without launching a fork() bomb. If you don't have policies in place to delineate acceptable and unacceptable behaviour, you'll have problems. -- Bill Moran http://www.potentialtech.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
defend from -> :() { :&:; } ;:
Please do not try to execute this: :() { :&:; } ;: on your BSD machine. I ask all who already tried it how to defend from this? __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"