Hello, I originally sent this to LFS support by mistake; I shouldn't send emails late at night ;)
I've wrote to LFS support before about fork bombs. Last July I learned how to prevent them by limiting the number of processes a user can have with /etc/limits. Recently I've been working on installing linux-PAM (for ssh, it gives me more options to use PAM. I want to open ssh to the internet so I'm hardening things up a bit, pam_faildelay.so is a wonderful thing). I first had a suspicion something was wrong when I saw this in /var/log/auth.log on one of our computers: Oct 8 13:16:26 router su[546]: Invalid limit string: ' U128' As part of my testing I tried a fork bomb and was horrified to discover that nothing I did with PAM could prevent the fork bomb from locking up the system. Then I tried it on a system that didn't have PAM (it still had just shadow) and the result was the same, the fork bomb made the system unresponsive. I can't remember what version of shadow I was using last July but I can't make shadow-4.1.4.3 limit the number of processes and protect against a fork bomb. I've just rebuilt a system with shadow-4.0.18.1 and when I run a fork bomb the shell fills up with "Resource temporarily unavailable" (ie, shadow-4.0.18.1 has done it's job and limited the number of processes), the system stays responsive, I can log out and shut down cleanly. Basically, shadow-4.0.18.1 works. The current version (shadow-4.1.4.3) is broken. With or without PAM it cannot limit the number of processes. Can anyone make shadow-4.1.4.3 limit the number of processes? It seems to me that any system with shadow-4.1.4.3 is vulnerable to a fork bomb. We should go back to 4.0.18.1, which works. Andy -- http://linuxfromscratch.org/mailman/listinfo/lfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
