Currently viewing entries from 9 April, 2008

ForkBomb Prevention on Debian

[Image originally uploaded by matthewpoer.]

Forkbombs are nasty little programs that fork their process, and then do it again. And again. And so on, until they have consumed all of the available resources. By default, Debian systems are susceptible to forkbombs. However, there are precautions you may take to secure your Debian GNU/Linux box from being abused this way.

Simply alter /etc/security/limits.conf to fit your needs. The file is relatively easy to configure, and the changes you make will take place immediately (no need to reload any services). If there is a specific user you want to watch out for forkbombs from, just limit the number of processes he or she has access to:

isomk hard nproc 100

And if it is all of your users that you are worried about:

* hard nproc 1000

The wildcard refers to all users. Limiting to 1000 means that any user should be able to run all of his or her Desktop Environment applications, but it should render any forkbomb relatively ineffective.

/etc/security/limits.conf is how many web hosts limit a user or a group of users to a certain file size, amount of memory or CPU time. If you are considering making your Debian machine public as a shell server or web host of some kind, be sure to use this tool to keep your users under control.
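To see how the entries above resolve for a given user, here is an added example (my own script, not from the original post or from Debian). It reads limits.conf-style text, reports the hard value of an item (nproc, cpu, fsize) that applies to a user, and checks the process limit the current shell actually runs under. The sample file, the user and group names, and the helper names effective_limit and session_nproc_ok are all constructed for the example; the precedence it assumes is the one limits.conf(5) documents: a line naming the user beats a matching @group line, which beats the * wildcard.

```shell
#!/bin/sh
# Added example, not code from the original post. Resolves which hard limit
# pam_limits would hand a user from limits.conf-style text, and checks the
# limit the running shell actually has.
#
# Assumed precedence (as limits.conf(5) documents it): a line naming the
# user beats a matching @group line, which beats the * wildcard; among lines
# of the same rank the last one wins. A type of "-" sets both soft and hard.

# Constructed sample; the real file is /etc/security/limits.conf.
SAMPLE_LIMITS='# <domain>  <type>  <item>  <value>
isomk        hard    nproc   100
@staff       hard    nproc   500
*            hard    nproc   1000
@staff       -       cpu     60
*            hard    fsize   1048576
'

# effective_limit ITEM USER GROUP   (limits.conf text is read from stdin)
# Prints the hard value of ITEM that applies to USER, or "unlimited" when no
# line matches. Only the one group given is considered here, whereas
# pam_limits checks every group the user belongs to.
effective_limit() {
    awk -v item="$1" -v u="$2" -v g="@$3" '
        /^[ \t]*#/ || NF < 4          { next }   # comment, blank or malformed
        $3 != item                    { next }   # some other item
        $2 != "hard" && $2 != "-"     { next }   # soft-only lines are not a cap
        $1 == u   { byuser  = $4 }
        $1 == g   { bygroup = $4 }
        $1 == "*" { bywild  = $4 }
        END {
            if      (byuser  != "") print byuser
            else if (bygroup != "") print bygroup
            else if (bywild  != "") print bywild
            else                    print "unlimited"
        }'
}

# session_nproc_ok CEILING
# Returns 0 if the current shell's process limit (ulimit -u) is a number no
# larger than CEILING, 1 otherwise (including "unlimited"). Run it from a
# fresh login: pam_limits applies limits.conf when a session opens, so a
# shell that was already open keeps the limit it started with.
session_nproc_ok() {
    cur=$(ulimit -u)
    case $cur in
        ''|*[!0-9]*) return 1 ;;   # "unlimited" or unexpected output
    esac
    [ "$cur" -le "$1" ]
}

# Demo: the post's two nproc entries plus a group entry, resolved per user.
printf '%s' "$SAMPLE_LIMITS" | effective_limit nproc isomk staff   # 100  (user line wins)
printf '%s' "$SAMPLE_LIMITS" | effective_limit nproc alice staff   # 500  (group line)
printf '%s' "$SAMPLE_LIMITS" | effective_limit nproc bob   users   # 1000 (wildcard)
printf '%s' "$SAMPLE_LIMITS" | effective_limit cpu   bob   users   # unlimited
```

Run it against the live file with `effective_limit nproc "$USER" "$(id -gn)" < /etc/security/limits.conf`, then log in again and call `session_nproc_ok 1000` to confirm the new session really received the limit; `ulimit -u` in a shell that was open before the edit still shows the old value, because pam_limits only consults the file when a session starts.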

By the way, forkbombs can be written in nearly any language, including scripting languages like Bash and Perl. There are many listed on Wikipedia, but my friend Kyle Isom wrote this one in C (he calls it crashboom):

int main() {
        return 0;
}
/* the listing is cut off at this point on the page */