Re: forkbombing Linux distributions
From: Natanael Copa
Date: Tue Mar 22 2005 - 12:12:46 EST
Hi list!
(I'm new to this list so I'm sorry this mail has not correct thread id)
I have been following this forkbombing discussions and I would like to
point out a few things:
* When setting limits /etc/limits (or /etc/security/limits.conf) you
will prevent logged in users to fork too many processes. However, this
setting will not prevent a missbehaving daemon that is started from a
bootscript to fork too many processes, even if running as non root.
* Linux is very generous allowing maximum numbers of processes for
non-root users by default in comparation to other *nixes.
The kernel defaults is calculated from the amount of RAM in
kernel/fork.c with in those lines:
max_threads = mempages / (8 * THREAD_SIZE / PAGE_SIZE);
/*
* we need to allow at least 20 threads to boot a system
*/
if(max_threads < 20)
max_threads = 20;
init_task.signal->rlim[RLIMIT_NPROC].rlim_cur = max_threads/2;
init_task.signal->rlim[RLIMIT_NPROC].rlim_max = max_threads/2;
The forkbomb is mentioned already in 2001-06-18 by Rik van Riel that
suggested mempages / (16 * THREAD_SIZE / PAGE_SIZE)
http://marc.theaimsgroup.com/?l=linux-kernel&m=99283072806620&w=2
http://marc.theaimsgroup.com/?l=linux-kernel&m=99617386529767&w=2
But I cannot find out why it was set back again to 8 * ... I think this
is the main reason that almost all distros are vulerable to the stupid
fork bomb attack.
Would it be an idea to set it back to:
mempages / (16 * THREAD_SIZE / PAGE_SIZE)
and let the sysadmins raise the limit with /proc/sys/kernel/threads-max
if they need more?
--
Natanael Copa
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/