[SATLUG] Fork bomb prevention

Christopher Lemire christopher.lemire at gmail.com
Mon Oct 11 20:12:31 CDT 2010

On Mon, Oct 11, 2010 at 10:12 AM, Bruce Dubbs <bruce.dubbs at gmail.com> wrote:
> Christopher Lemire wrote:
>> I'd like to get an idea of how many processes my user and the root user are
>> running, so I can know what to set ulimit to in /etc/security/limits.conf
>> $ ~  ps -ef | grep --count
>> Usage: grep [OPTION]... PATTERN [FILE]...
>> Try `grep --help' for more information.
>> $  ~
> You could try 'ps -ef|grep root|wc -l' or 'ps -ef |grep -c ^.*$'
>> I'm missing pattern with this, so I try * (match all), as a pattern,
>> And that is not giving me the output I hoped for either. Any ideas?
>> What do you guys set ulimit to? I imagine it has to be done every boot.
>> Or it has to be done every time a terminal is opened if not set in that
>> config file.
> I generally leave ulimit at the defaults.  There have been a couple of times when I needed a change, but not many.  One instance was when running the gcc regression tests, I needed to increase the stack size.
> Note that ulimit has two contexts.  One is a bash internal function and one an OS function.  The OS function only limits file sizes and is deprecated.
>  -- Bruce

By default, my Linux computer is vulnerable to a fork bomb. Yes, I've
done it in bash and C a long time ago because I was curious.

➜  ~  ulimit
➜  ~

Maybe by default, you mean the values that are commented out in

#<domain>      <type>  <item>         <value>
#
#*               soft    core            0
#root            hard    core            100000
#*               hard    rss             10000
#@student        hard    nproc           20
#@faculty        soft    nproc           20
#@faculty        hard    nproc           50
#ftp             hard    nproc           0
#ftp             -       chroot          /ftp
#@student        -       maxlogins       4

I do not understand what each of these does. Are they good defaults
that I should uncomment?

After reading through the comments, the nofile option seems like it
might be the one that would limit the number of processes a user on
the system could fork. More important than limiting the number of
processes root can create is limiting the ones an unprivileged user
could create. Right now, any unprivileged user could log in to my system
through ssh, run one line of bash, and crash the whole system for
everybody.  :(){ :|:& };: It looks like that, where : is the name of
the function, and the last : is where it is called. Then it creates
processes exponentially. Anybody with root can find a way to kill the
system, and a fork bomb wouldn't be that bad compared to what they
could do. ulimit -u num is the one that limits processes. I would need
to make that permanent for all non-privileged users.

➜  ~  ps -ef | grep $USER --count
➜  ~


Christopher Lemire <christopher.lemire at gmail.com>
Ubuntu 64 bit Linux Raid Level 0

gpg --recv-keys E13B0909

Key fingerprint = 3E1A 9103 EF3D 4885 6866  E9DE C69F 18B3 E13B 0909
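
An added example, not part of the original message: one way to count running threads per user and turn the counts into candidate "hard nproc" lines for /etc/security/limits.conf. The function names, the sample users, and the headroom multiplier and floor are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Names and numbers are assumptions.
# On Linux the nproc limit (ulimit -u, RLIMIT_NPROC) counts threads per real
# UID, so size it from thread counts (ps -L), not only from process counts.

# count_by_user: stdin is one user name per line, stdout is "user count".
count_by_user() {
    awk 'NF { n[$1]++ } END { for (u in n) print u, n[u] }' | sort
}

# suggest_limits MULT FLOOR: stdin is "user count" lines; prints one
# limits.conf "hard nproc" line per user at max(count * MULT, FLOOR).
# root is skipped: the kernel does not enforce RLIMIT_NPROC for processes
# holding CAP_SYS_ADMIN or CAP_SYS_RESOURCE.
suggest_limits() {
    awk -v m="${1:-4}" -v f="${2:-200}" '
        $1 == "root" { next }
        { lim = $2 * m; if (lim < f) lim = f
          printf "%-16s hard    nproc           %d\n", $1, lim }'
}

# Constructed sample standing in for the output of: ps -eLo user=
SAMPLE='root
root
root
alice
alice
alice
alice
alice
www-data
www-data'

printf '%s\n' "$SAMPLE" | count_by_user | suggest_limits 4 10
# On a live system: ps -eLo user= | count_by_user | suggest_limits 4 200
```

Lines added to /etc/security/limits.conf are applied by pam_limits when a session starts, so they persist across reboots and take effect at the user's next login.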
