| Summary: | The ability to crash any freebsd box with 8 lines of shell script | ||
|---|---|---|---|
| Product: | Base System | Reporter: | Ryan Malek <squirl> |
| Component: | misc | Assignee: | freebsd-bugs (Nobody) <bugs> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | ||
| Priority: | Normal | ||
| Version: | Unspecified | ||
| Hardware: | Any | ||
| OS: | Any | ||
Description
Ryan Malek
2001-06-29 17:20:01 UTC
On Fri, Jun 29, 2001 at 09:11:32AM -0700, Ryan Malek wrote:
> I wrote a small paper documenting this problem. I _think_ it's quite a serious problem considering the fact that I can drop any FreeBSD box with 7 or 8 lines of shell scripting. Here is the paper I wrote on it:
>
> http://exotica.mach3ww.com/~squirl/devzero-vuln.txt
You seem to have rediscovered the fork bomb - if the admin has
suitable process limits set then this shouldn't be a problem. Try
saying "limit maxproc 10" and running the catbomb, you should find
it is less effective.
(I'll close the PR unless there is more to the problem than this).
David.
On Fri, Jun 29, 2001 at 10:00:19AM -0700, David Malone wrote:
> The following reply was made to PR misc/28522; it has been noted by GNATS.
>
> From: David Malone <dwmalone@maths.tcd.ie>
> To: Ryan Malek <squirl@exotica.mach3ww.com>
> Cc: freebsd-gnats-submit@FreeBSD.org
> Subject: Re: misc/28522: The ability to crash any freebsd box with 8 lines of shell script
> Date: Fri, 29 Jun 2001 17:54:34 +0100
>
> On Fri, Jun 29, 2001 at 09:11:32AM -0700, Ryan Malek wrote:
> > I wrote a small paper documenting this problem. I _think_ it's quite a serious problem considering the fact that I can drop any FreeBSD box with 7 or 8 lines of shell scripting. Here is the paper I wrote on it:
> >
> > http://exotica.mach3ww.com/~squirl/devzero-vuln.txt
>
> You seem to have rediscovered the fork bomb - if the admin has
> suitable process limits set then this shouldn't be a problem. Try
> saying "limit maxproc 10" and running the catbomb, you should find
> it is less effective.
>
> (I'll close the PR unless there is more to the problem than this).
But is it really ineffective? Just five instances of 'cat' would
consume quite a lot of kernel resources (fake read, fake write, two
syscalls, data copies to userspace and back...).
G'luck,
Peter
--
I am the thought you are now thinking.
> But is it really ineffective? Just five instances of 'cat' would
> consume quite a lot of kernel resources (fake read, fake write, two
> syscalls, data copies to userspace and back...).
If you allow your users to use resources of any sort then they can
use them - you can't get around that. Some people have done things
with fancy schedulers which split CPU time between uids as opposed
to between processes - this might be of some help.
(Mind you, you can do far worse in terms of making the system
unresponsive than running 5 processes by just using 1 process and
a few standard shell commands, and that's just what I can think of
off the top of my head.)
David.
State Changed From-To: open->closed Problem looks like fork-bomb attack, which can be dealt with using process limits. If not, the submitter can contact me and I'll look into it in more detail.
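
The replies above depend on the administrator having process limits in place. The following Python script is an added example, not part of the PR and not written by anyone in the thread: it audits a login.conf(5)-style file for login classes whose `maxproc` hard limit is missing or not a finite number. It assumes limits are set per login class in `/etc/login.conf`, a file the thread does not mention; the class names and values in the sample are constructed.

```python
import re

# Constructed sample in login.conf(5) syntax; class names and values are made up.
SAMPLE = r"""
default:\
    :maxproc=unlimited:\
    :cputime=unlimited:
students:\
    :maxproc-cur=32:\
    :maxproc-max=64:\
    :tc=default:
staff:\
    :tc=default:
"""

def parse_classes(text):
    """Return {class_name: {capability: value}} from login.conf-style text."""
    joined = re.sub(r"\\\n\s*", "", text)          # join backslash-continued lines
    classes = {}
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        names, *caps = [f.strip() for f in line.split(":") if f.strip()]
        entry = {}
        for cap in caps:
            key, _, value = cap.partition("=")
            entry.setdefault(key, value)           # first definition wins
        for name in names.split("|"):
            classes[name] = entry
    return classes

def effective_maxproc(classes, name, seen=()):
    """Resolve (soft, hard) maxproc for a class, following tc= inheritance."""
    entry = classes.get(name)
    if entry is None or name in seen:              # unknown class or tc= loop
        return (None, None)
    parent = (None, None)
    if "tc" in entry:
        parent = effective_maxproc(classes, entry["tc"], seen + (name,))
    both = entry.get("maxproc")                    # sets soft and hard together
    return (entry.get("maxproc-cur", both) or parent[0],
            entry.get("maxproc-max", both) or parent[1])

def unbounded_classes(text):
    """Classes whose hard process limit is absent or not a finite number."""
    classes = parse_classes(text)
    return [name for name in sorted(classes)
            if not (effective_maxproc(classes, name)[1] or "").isdigit()]

if __name__ == "__main__":
    print(unbounded_classes(SAMPLE))
```

In the sample, `staff` is flagged even though it sets nothing itself, because it inherits the unlimited value from `default` through `tc=`.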