Posts Tagged ‘Red Hat’

Forkbombs

Tuesday, March 3rd, 2009

I’ve been going through my bookmarks and trying to organize them (that stumbleupon fed the firefox bookmarks every time I upvoted something hasn’t helped), and among the bookmarks I found this little gem, about how you can thwart forkbombs before they are able to do any serious damage.

In /etc/security/ there is a file called limits.conf, which can be made to control a whole host of different settings. With the hardware of today I find a hard kill limit of 150 processes to be on the cheap side (on the other hand, executing ps aux | wc -l on my system reveals that right now, 117 processes are running, 32 of which are owned by “me”, 71 by root and 16 by various other system users (cupsys, ntp, mysql etc).

On a side note, I love pipes and grep.

$ ps aux | grep root | wc -l
71
$ ps aux | grep patrik | wc -l
32
$ ps aux | grep -v patrik | grep -v root | wc -l
16

It might not be necessary to allow more than 150 processes, but on the other hand I would find it irritating hitting this limit (although hitting it would probably indicate that I have to much crap running at the same time) and the real use for this limit on a single-user system would most likely be to ward off the effects of unwittingly doing something stupid (executing a forkbomb is stupid), so one can probably afford to raise this limit a bit higher, to 200-300 processes.

UPDATE:

After having forwarded tuss’ brilliant idea of having hesa incorporate this little tip in his C class (preferably before teaching about the fork(); function), hesa shot it down *mumble*platform specific solution*mumble*. This is of course true, and should serve as just another good reason to switch from Windows ;D

In any case, it got me thinking. Ubuntu, which inherits from Debian, seem to be identical in the important things. /etc/security/limits.conf does indeed seem to exist in Debian as well. And Red Hat, so presumably in Fedora as well.

Slackware however, seem to store this data in the file “limits” directly under /etc/ (i.e. /etc/limits). It is by no means an exhaustive search, but Googling for “[your_favorite_distro]” and “limits.conf” or “limits” or “limiting processes” should hopefully reward you.

UPDATE2:

I spell like a douche…