Bug 237715 - maxproc needs a default value
Summary: maxproc needs a default value
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: conf
Version: 12.0-RELEASE
Hardware: Any Any
Importance: --- Affects Many People
Assignee: freebsd-bugs mailing list
Keywords: crash
Reported: 2019-05-02 21:56 UTC by Stefan Rink
Modified: 2019-05-06 14:15 UTC
Description Stefan Rink 2019-05-02 21:56:22 UTC
Creating a shell file with something like $0&$0& will kill any FreeBSD machine with the default configuration. (Also kills the host when you try this in a jail)

In bash:
:() { :|: & };:

There should be at least some default value set for maxproc in login.conf; unlimited is asking for trouble. :-)

Be careful with this, it takes down your machine hard and the only recovery is a power cycle or hard reset.
Comment 1 sigsys 2019-05-06 00:26:31 UTC
It's hard to pick a sensible default though. OpenBSD has default (per architecture) rlimits, which I think is a good idea, but they often have to be changed.

There's kern.maxprocperuid, which can default to something calculated based on hardware resources. It's set a bit lower than maxproc as it is, but not enough to protect the system in most cases, it seems.

A process count limit alone only protects you against accidental fork bombs. And then again, it probably only protects other users from it; it's pretty hard to recover your session when you can't spawn more processes.

I guess that's the reason it hasn't been done already: it's not a good protection by itself, and setting a whole bunch of resource limits is too difficult (and required to set very low per-process limits to be effective before rctl).
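
The report above turns on login classes whose maxproc is "unlimited". As an added example (not part of the bug report or of FreeBSD), this script lists the effective maxproc of each class in a login.conf(5)-style file, following tc= inheritance, and flags classes without a cap. The function names and the sample file are constructed for illustration; only plain maxproc= entries are read, not the -cur/-max variants.

```sh
# Added example. Reads plain maxproc= entries from a login.conf(5)-style file.

# Print "class<TAB>effective maxproc" for every class in file $1.
list_maxproc() {
    awk '
        function store(r,   n, f, i, nm) {
            n = split(r, f, ":")
            split(f[1], nm, "|")              # first field is name|alias|...
            order[++count] = nm[1]
            for (i = 2; i <= n; i++) {
                if (f[i] ~ /^maxproc=/ && !(nm[1] in limit)) limit[nm[1]] = substr(f[i], 9)
                if (f[i] ~ /^tc=/) parent[nm[1]] = substr(f[i], 4)
            }
        }
        function resolve(c,   depth) {        # follow tc= inheritance, loop-safe
            for (depth = 0; depth < 16; depth++) {
                if (c in limit) return limit[c]
                if (!(c in parent)) break
                c = parent[c]
            }
            return "unset"
        }
        /^[ \t]*#/ { next }                   # comment line
        {
            line = $0
            cont = (line ~ /\\$/)             # trailing backslash continues the record
            sub(/\\$/, "", line); sub(/^[ \t]+/, "", line)
            rec = rec line
            if (cont) next
            if (rec != "") store(rec)
            rec = ""
        }
        END {
            if (rec != "") store(rec)
            for (i = 1; i <= count; i++) printf "%s\t%s\n", order[i], resolve(order[i])
        }
    ' "$1"
}

# Print classes with no process cap; return 1 if any were found.
audit_maxproc() {
    list_maxproc "$1" | awk -F "\t" '
        $2 == "unlimited" || $2 == "unset" { print "no process cap: " $1; bad = 1 }
        END { exit bad }'
}

# Constructed sample in login.conf syntax (not copied from a real system).
write_sample() {
    printf '%s\n' 'default:\' ' :maxproc=unlimited:\' ' :umask=022:' \
        'staff:\' ' :maxproc=512:\' ' :tc=default:' \
        'guest:\' ' :tc=default:' > "$1"
}
```

On a FreeBSD host, `audit_maxproc /etc/login.conf` runs the same check against the real file; the kern.maxprocperuid sysctl mentioned in comment 1 applies separately from these per-class values.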