[pups] User Mode DoS Attacks (was Re: Issues of AUUGN)

Tore Sinding Bekkedal toresbe at ifi.uio.no
Fri Oct 6 00:51:02 AEST 2006

(oops, sent it off-list - sorry, Milo!)

On Thu, 2006-10-05 at 08:46 -0500, Milo Velimirovic wrote:
> > But you'd need kernel mode for that; this is a DoS attack (one of the
> > first?) launched by a user.
> The userland DoS I remember:
> main() {
> 	while(1)
> 		fork();
> }
> And in fact I tried it once on the 11/45 I had access to. Not pretty.  
> It can be made less disastrous by judicious addition of a wait(); call.
> --Milo, wondering how contemporary UNIX will deal with such  
> pathological behavior....

Speaking for Linux, quite badly, though there are some patches that
allow you to limit forks per user. There's even a bash version,
":(){ :|:& };:", which will infinitely fork off bash processes. (It
defines a function calling itself in the background, and then
immediately launches it)

The max number of processes is not so much a problem as the fact that
they are all draining the system resources. Besides, one is likely to
run out of memory before one hits the max process number in Linux

- Tore Sinding Bekkedal

More information about the TUHS mailing list