In computing, a fork bomb is a denial-of-service attack against a computer system that abuses the fork operation (or equivalent functionality), by which a running process creates another running process.
A fork bomb works by creating a large number of processes very quickly in order to saturate the available space in the list of processes kept by the computer's operating system. If the process table becomes saturated, no new programs may start until another process terminates.
The following example may look innocent, but running it on an unprotected system can take the whole system down:
Do not run this code on an unprotected system!
$ :(){ :|:& }; :
The above shell one-liner keeps forking at an exponential rate until system resources are exhausted.
To protect a system against such attacks, the number of processes per user can be limited in /etc/security/limits.conf. Add the following two lines to it:
* hard nproc 20
user hard nproc 300
or
@users soft nproc 100
@users hard nproc 150
These lines prevent anyone in the users group from having more than 150 processes, and issue a warning at 100 processes. Your system may not have a users group, so you may want to edit the lines to match your needs.
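As an added example (not from the post), a small Python script that reads a limits.conf-style file and reports the nproc limit a given account would receive at login, applying the precedence pam_limits documents (a line naming the user beats a matching @group line, which beats the * default, and neither @group nor * lines apply to root), so the variants above can be checked against the accounts on a system. The sample file and the user and group names are constructed, and group membership is passed in rather than read from /etc/group.

```python
import resource
# Constructed sample: both variants from the post combined into one file.
SAMPLE_CONF = """
# /etc/security/limits.conf (constructed sample)
*       hard    nproc   20
user    hard    nproc   300
@users  soft    nproc   100
@users  hard    nproc   150
"""

# Precedence as pam_limits applies it: a line naming the user beats a matching
# @group line, which beats the "*" default; among lines of equal precedence the
# later one wins.  @group and "*" lines are never applied to root.
PRIORITY = {"user": 0, "group": 1, "default": 2}
UNSET = 99  # priority value meaning "no line has set this limit yet"

def parse_limits_conf(text):
    """Yield (domain, type, item, value), skipping comments, blanks and junk."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) == 4:
            yield tuple(fields)

def _value(text):
    """-1 stands for unlimited/infinity, as in the file's own syntax."""
    return -1 if text in ("unlimited", "infinity", "-1") else int(text)

def effective_limit(conf, user, groups, item="nproc"):
    """Return (soft, hard) for `item`; None means the file leaves it unset."""
    best = {"soft": (None, UNSET), "hard": (None, UNSET)}  # (value, priority)
    for domain, ltype, litem, value in parse_limits_conf(conf):
        if litem != item:
            continue
        if domain == user:
            prio = PRIORITY["user"]
        elif domain.startswith("@") and domain[1:] in groups and user != "root":
            prio = PRIORITY["group"]
        elif domain == "*" and user != "root":
            prio = PRIORITY["default"]
        else:
            continue
        for kind in (("soft", "hard") if ltype == "-" else (ltype,)):
            if kind in best and prio <= best[kind][1]:
                best[kind] = (_value(value), prio)
    return best["soft"][0], best["hard"][0]

def current_session_nproc():
    """What the kernel enforces on this shell; pam_limits applies the file at login."""
    return resource.getrlimit(resource.RLIMIT_NPROC)
```

The soft value is the one the kernel checks on fork(); the hard value is only the ceiling up to which an unprivileged user may raise the soft one. Compare effective_limit() with current_session_nproc() to confirm the file was actually applied to a login session.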