Bug 206289

Summary: Fedora is succetible to forkbombs by a user.
Product: [Fedora] Fedora Reporter: Victor Bogado <bogado>
Component: kernelAssignee: Dave Jones <davej>
Status: CLOSED NOTABUG QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 5CC: pfrields, wtogami
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://www.securityfocus.com/columnists/308
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-09-14 06:21:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Victor Bogado 2006-09-13 14:39:41 UTC
Description of problem:
After seeing this article on security focus I wanted to test it and as soon as I
did I found out that indeed a normal user can efectly halt a system with a
simple forkbomb.

Steps to Reproduce:
1. open a terminal 
2. type :(){:|:?};:
3. press enter and wait a few seconds, after witch the computer will halt completly
  
Actual results:
A complete halt, the computer stops to answer interrupts, the mouse stop and no
keyboard activity can save ctrl-alt-F1 does not work. 

Expected results:
the process should reproduce till it meet a rational user limit. Then the fork
should fail to fork the process.

Comment 1 Dave Jones 2006-09-14 06:21:13 UTC
man ulimit


Comment 2 Victor Bogado 2006-09-14 12:12:41 UTC
Do you really feel that this should be a default and that this is not a BUG? 

Comment 3 Victor Bogado 2006-09-14 12:27:33 UTC
What I mean is that in the default instalation a user can halt a system, without
any priviledges, a situation that could be fixed by a simple switch on the
defaults. What is the use of having SELinux if you can simply forkbomb the
machine????

Now follow me here, SELinux is installed so if a service is compromised the
service will not be able to do damage on the system, correct? But httpd have to
be able to fork, and as such one person that compromises a httpd server can
bring the machine down with all other services with it. 

I, in my humble opinion, think that this limit in number of proccess a user can
have should have been setted to a reasonable number in the kernel, ulimit is a
bash feature and does not affect programs that are started by other means, or am
I mistaken?