Bug 206289 - Fedora is succetible to forkbombs by a user.
Fedora is succetible to forkbombs by a user.
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
5
All Linux
medium Severity medium
: ---
: ---
Assigned To: Dave Jones
Brian Brock
http://www.securityfocus.com/columnis...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-09-13 10:39 EDT by Victor Bogado
Modified: 2015-01-04 17:28 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-09-14 02:21:13 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Victor Bogado 2006-09-13 10:39:41 EDT
Description of problem:
After seeing this article on security focus I wanted to test it and as soon as I
did I found out that indeed a normal user can efectly halt a system with a
simple forkbomb.

Steps to Reproduce:
1. open a terminal 
2. type :(){:|:?};:
3. press enter and wait a few seconds, after witch the computer will halt completly
  
Actual results:
A complete halt, the computer stops to answer interrupts, the mouse stop and no
keyboard activity can save ctrl-alt-F1 does not work. 

Expected results:
the process should reproduce till it meet a rational user limit. Then the fork
should fail to fork the process.
Comment 1 Dave Jones 2006-09-14 02:21:13 EDT
man ulimit
Comment 2 Victor Bogado 2006-09-14 08:12:41 EDT
Do you really feel that this should be a default and that this is not a BUG? 
Comment 3 Victor Bogado 2006-09-14 08:27:33 EDT
What I mean is that in the default instalation a user can halt a system, without
any priviledges, a situation that could be fixed by a simple switch on the
defaults. What is the use of having SELinux if you can simply forkbomb the
machine????

Now follow me here, SELinux is installed so if a service is compromised the
service will not be able to do damage on the system, correct? But httpd have to
be able to fork, and as such one person that compromises a httpd server can
bring the machine down with all other services with it. 

I, in my humble opinion, think that this limit in number of proccess a user can
have should have been setted to a reasonable number in the kernel, ulimit is a
bash feature and does not affect programs that are started by other means, or am
I mistaken? 

Note You need to log in before you can comment on or make changes to this bug.