From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9) Gecko/20010505 Description of problem: The following code will cause Linux to hang-- #include <sys/types.h> #include <unistd.h> int main (){ while (1) fork (); return (0); } This will exhaust the process table. How reproducible: Always Steps to Reproduce: 1. write the following program as DoS.c: #include <sys/types.h> #include <unistd.h> int main (){ while (1) fork (); return (0); } 2. compile using gcc -oDoS DoS.c 3. Run ./DoS Actual Results: X hangs, Apache won't server pages, ssh won't accept new connections, new users cannot log in, existing users cannot execute most shell commands. Top hangs, and when DoS is suspended, a look at the Proc file system indicates that well over 2000 processes are running (top won't list it because it contains too many processes). Expected Results: System might slow down but it should not be possible for an unprivaleged user to lock up the system with a malicious program. Additional info: Also, memory limitations per user might be harder to impliment but might be helpful too(think of using malloc in the previous program!).
Kernel RSS limits aren't yet implemented, but better pam defaults for users is a good idea. I think RH has the opportunity to take the lead here. :) BTW, the reason top won't display 2000 processes is because /proc has pretty severe performance issues when more than 10-20 processes are running. Normally, ps is pretty slow as compared to *BSD, but if you have many processes running, it'll slow down to about two or three PIDs per second. :-/
Later Linux does per user total process limiting. However I'm leaving this open as one of my test sets I see a kernel hang for some other reason. Also to remind us that eventually we need to get the O(1) scheduler updated to do fair share (fair share means that each user gets a share of the CPU not each task, so the more you fork the less time *your* processes get not everyones) Alan
Thanks for the bug report. However, Red Hat no longer maintains this version of the product. Please upgrade to the latest version and open a new bug if the problem persists. The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases, and if you believe this bug is interesting to them, please report the problem in the bug tracker at: http://bugzilla.fedora.us/