Void's Forums

[Void Main]

Test question:
How do you prevent normal local users from crashing your Linux servers using this command:

Code: Select all

:() { :|: & } ; :


Enter the above line at a shell prompt and it will likely lock up your server. I would not suggest you test this on a production machine.

[Master of Reality]

hmm.... ...use zsh?

[ZiaTioN]

Maybe explain what it does? I am not even sure how that could lock up a machine.

[Void Main]

Maybe explain what it does? I am not even sure how that could lock up a machine.

Sure I'll explain what it does. It locks up your machine if you don't have it configured right. That's what it does. :) A normal user can lock a system up by entering that line at a shell, at least with certain distros like a default Fedora install they can. I actually ran across this a couple of years back and just put it aside thinking somebody would button up the default configurations but I see a default FC4 install will still be susceptible to it. If you have a workstation just copy/paste it to a shell prompt and see what happens. Worst case you have to press the reset button but won't destroy anything. I won't tell you exactly what it does because that would be a serious hint as to what you can do to prevent it. You should be able to figure it out.

[Void Main]

hmm.... ...use zsh?

Force users to use zsh? That may stop that exact command from locking the system up but it would still be trivial to do a similar command that would, even in zsh.

[ZiaTioN]

Maybe explain what it does? I am not even sure how that could lock up a machine.

Sure I'll explain what it does. It locks up your machine if you don't have it configured right. That's what it does. A normal user can lock a system up by entering that line at a shell, at least with certain distros like a default Fedora install they can. I actually ran across this a couple of years back and just put it aside thinking somebody would button up the default configurations but I see a default FC4 install will still be susceptible to it. If you have a workstation just copy/paste it to a shell prompt and see what happens. Worst case you have to press the reset button but won't destroy anything. I won't tell you exactly what it does because that would be a serious hint as to what you can do to prevent it. You should be able to figure it out.

I just don't have a non-production server anymore and can not afford to drop what I do have for a simple exercise. I do like to figure things out though which is why I was wanting some info on at least what the characters mean. LOL... I see a pipe and an anpersand but is one command really being piped to another and then forced to the background? It does not look like the case. What do the rest of the characters do/mean?

[ZiaTioN]

Hmm....

I forgot my wife's system dual booted FC2. I booted into that and tried the command and yes it did stop responding to everything, but that still does not show me any hint on how to prevent it.

[Void Main]

It's basically a fork bomb. I believe it is just a function definition that calls itself recursively and backgrounds. It spawns processes until the system just runs out of resources. On a "good" default install users would be limited to the number of processes that they are allowed to start. This can be configured in /etc/security/limits.conf (nproc). It's wise to put limits on all resources so a user can't bring a server to it's knees.

[ZiaTioN]

Ahh a fork bomb. My server would have been good then because I have already set those limits to prevent a perl fork bomb. My wife's system however was not.

You have to be careful though if limiting system wide. Remember servers such as Apache and others run as non-privilaged users so if you set it to low and have an active webserver then you could be shooting yourself in the foot.