Announcement

Collapse
No announcement yet.

bomb linux/Unix

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • bomb linux/Unix

    Do you know how to stop this command :(){ :|:&};: (bomb) on FreeBSD - what to do to make it unusefull - how to stop it. How to make a good security ??
    "There is no patch for human stupidity"

  • #2
    That's just the bash equivalent of for(;;) fork(); You can stop it with killall -9 bash. You can use ulimit to limit the number of processes a user can create. Some operating systems, such as OS X, do this per default.
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B0
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B1
    [ redacted ]

    Comment


    • #3
      Originally posted by bascule
      That's just the bash equivalent of for(;;) fork(); ...
      *BSD have advantages over Linux kernels for dealing or preventing things like this and offers more controls for admins. Linux "solutions" are a bit kludge-like. (e.g.: *BSD ulimit > Linux ulimit)

      Problem with "fork bombs" is they are often pretty fast, and you may run out of free PID and not be able to start a new process to kill a process. Even trying to run "ps" (not even considering | grep) can fail if there are no free PID. Linux supports the "Magic SysRq key"

      For Linux SysRq Key, read:
      /usr/src/linux/Documentation/Configure.help Scroll down to "CONFIG_MAGIC_SYSRQ"
      /usr/src/linux/Documentation/sysrq.txt

      killall is also useful on Linux systems, but *be careful* as its function is not the same over all *NIX systems.

      slay is a non-standard command available as a package in some distros to kill all processes owned by the specified user.

      If you are the one who started a forkbomb "accidentally" and want to stop it before it gets out of control, you can iuse GNU kill (and some others) as follows:
      $ kill -9 -0
      the "special " "-0" means "all of the processes that the calling user can kill, and, well, you know what -9 does. :-)

      Best thing to do is kick the far-from-hacking DoS-er off the system for doing something so braindead and revoke their account.
      Last edited by TheCotMan; December 2, 2004, 15:25.

      Comment

      Working...
      X