Test: How do you prevent users from crashing your server

Place to discuss anything, almost. No politics, religion, Microsoft, or anything else that I (the nazi censor) deem inappropriate.
Post Reply
User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Test: How do you prevent users from crashing your server

Post by Void Main »

Test question:
How do you prevent normal local users from crashing your Linux servers using this command:

Code: Select all

:() { :|: & } ; :
Enter the above line at a shell prompt and it will likely lock up your server. I would not suggest you test this on a production machine.

Master of Reality
guru
guru
Posts: 562
Joined: Thu Jan 09, 2003 8:25 pm

Post by Master of Reality »

hmm.... ...use zsh?

ZiaTioN
administrator
administrator
Posts: 460
Joined: Tue Apr 08, 2003 3:28 pm
Contact:

Post by ZiaTioN »

Maybe explain what it does? I am not even sure how that could lock up a machine.

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main »

ZiaTioN wrote:Maybe explain what it does? I am not even sure how that could lock up a machine.
Sure I'll explain what it does. It locks up your machine if you don't have it configured right. That's what it does. :) A normal user can lock a system up by entering that line at a shell, at least with certain distros like a default Fedora install they can. I actually ran across this a couple of years back and just put it aside thinking somebody would button up the default configurations but I see a default FC4 install will still be susceptible to it. If you have a workstation just copy/paste it to a shell prompt and see what happens. Worst case you have to press the reset button but won't destroy anything. I won't tell you exactly what it does because that would be a serious hint as to what you can do to prevent it. You should be able to figure it out.

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main »

Master of Reality wrote:hmm.... ...use zsh?
Force users to use zsh? That may stop that exact command from locking the system up but it would still be trivial to do a similar command that would, even in zsh.

ZiaTioN
administrator
administrator
Posts: 460
Joined: Tue Apr 08, 2003 3:28 pm
Contact:

Post by ZiaTioN »

Void Main wrote:
ZiaTioN wrote:Maybe explain what it does? I am not even sure how that could lock up a machine.
Sure I'll explain what it does. It locks up your machine if you don't have it configured right. That's what it does. :) A normal user can lock a system up by entering that line at a shell, at least with certain distros like a default Fedora install they can. I actually ran across this a couple of years back and just put it aside thinking somebody would button up the default configurations but I see a default FC4 install will still be susceptible to it. If you have a workstation just copy/paste it to a shell prompt and see what happens. Worst case you have to press the reset button but won't destroy anything. I won't tell you exactly what it does because that would be a serious hint as to what you can do to prevent it. You should be able to figure it out.
I just don't have a non-production server anymore and can not afford to drop what I do have for a simple exercise. I do like to figure things out though which is why I was wanting some info on at least what the characters mean. LOL... I see a pipe and an anpersand but is one command really being piped to another and then forced to the background? It does not look like the case. What do the rest of the characters do/mean?

ZiaTioN
administrator
administrator
Posts: 460
Joined: Tue Apr 08, 2003 3:28 pm
Contact:

Post by ZiaTioN »

Hmm....

I forgot my wife's system dual booted FC2. I booted into that and tried the command and yes it did stop responding to everything, but that still does not show me any hint on how to prevent it.

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main »

It's basically a fork bomb. I believe it is just a function definition that calls itself recursively and backgrounds. It spawns processes until the system just runs out of resources. On a "good" default install users would be limited to the number of processes that they are allowed to start. This can be configured in /etc/security/limits.conf (nproc). It's wise to put limits on all resources so a user can't bring a server to it's knees.
Last edited by Void Main on Mon Jan 16, 2006 9:56 pm, edited 1 time in total.

ZiaTioN
administrator
administrator
Posts: 460
Joined: Tue Apr 08, 2003 3:28 pm
Contact:

Post by ZiaTioN »

Ahh a fork bomb. My server would have been good then because I have already set those limits to prevent a perl fork bomb. My wife's system however was not.

You have to be careful though if limiting system wide. Remember servers such as Apache and others run as non-privilaged users so if you set it to low and have an active webserver then you could be shooting yourself in the foot.

Post Reply