From nobody@FreeBSD.org  Fri Jun 29 09:11:33 2001
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id D821437B403
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 29 Jun 2001 09:11:32 -0700 (PDT)
	(envelope-from nobody@FreeBSD.org)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.3/8.11.3) id f5TGBW693266;
	Fri, 29 Jun 2001 09:11:32 -0700 (PDT)
	(envelope-from nobody)
Message-Id: <200106291611.f5TGBW693266@freefall.freebsd.org>
Date: Fri, 29 Jun 2001 09:11:32 -0700 (PDT)
From: Ryan Malek <squirl@exotica.mach3ww.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: The ability to crash any freebsd box with 8 lines of shell script
X-Send-Pr-Version: www-1.0

>Number:         28522
>Category:       misc
>Synopsis:       The ability to crash any freebsd box with 8 lines of shell script
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jun 29 09:20:01 PDT 2001
>Closed-Date:    Sat Jun 30 00:34:56 PDT 2001
>Last-Modified:  Sat Jun 30 00:36:34 PDT 2001
>Originator:     Ryan Malek
>Release:        All known
>Organization:
Mach3 World Wide
>Environment:
>Description:
I wrote a small paper documenting this problem.  I _think_ its quite a serious problem considering the fact that I can drop any FreeBSD box with 7 or 8 lines of shell scripting.  Here is the paper I wrote on it:

http://exotica.mach3ww.com/~squirl/devzero-vuln.txt

Feel free to contact me for questions or to harass me =P
>How-To-Repeat:

>Fix:

>Release-Note:
>Audit-Trail:

From: David Malone <dwmalone@maths.tcd.ie>
To: Ryan Malek <squirl@exotica.mach3ww.com>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/28522: The ability to crash any freebsd box with 8 lines of shell script
Date: Fri, 29 Jun 2001 17:54:34 +0100

 On Fri, Jun 29, 2001 at 09:11:32AM -0700, Ryan Malek wrote:
 > I wrote a small paper documenting this problem.  I _think_ its quite a serious problem considering the fact that I can drop any FreeBSD box with 7 or 8 lines of shell scripting.  Here is the paper I wrote on it:
 > 
 > http://exotica.mach3ww.com/~squirl/devzero-vuln.txt
 
 You seem to have rediscovered the fork bomb - if the admin has
 suitable process limits set then this shouldn't be a problem.  Try
 saying "limit maxproc 10" and running the catbomb, you should find
 it is less effective.
 
 (I'll close the PR unless there is more to the problem than this).
 
 	David.

From: Peter Pentchev <roam@orbitel.bg>
To: David Malone <dwmalone@maths.tcd.ie>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/28522: The ability to crash any freebsd box with 8 lines of shell script
Date: Fri, 29 Jun 2001 20:08:29 +0300

 On Fri, Jun 29, 2001 at 10:00:19AM -0700, David Malone wrote:
 > The following reply was made to PR misc/28522; it has been noted by GNATS.
 > 
 > From: David Malone <dwmalone@maths.tcd.ie>
 > To: Ryan Malek <squirl@exotica.mach3ww.com>
 > Cc: freebsd-gnats-submit@FreeBSD.org
 > Subject: Re: misc/28522: The ability to crash any freebsd box with 8 lines of shell script
 > Date: Fri, 29 Jun 2001 17:54:34 +0100
 > 
 >  On Fri, Jun 29, 2001 at 09:11:32AM -0700, Ryan Malek wrote:
 >  > I wrote a small paper documenting this problem.  I _think_ its quite a serious problem considering the fact that I can drop any FreeBSD box with 7 or 8 lines of shell scripting.  Here is the paper I wrote on it:
 >  > 
 >  > http://exotica.mach3ww.com/~squirl/devzero-vuln.txt
 >  
 >  You seem to have rediscovered the fork bomb - if the admin has
 >  suitable process limits set then this shouldn't be a problem.  Try
 >  saying "limit maxproc 10" and running the catbomb, you should find
 >  it is less effective.
 >  
 >  (I'll close the PR unless there is more to the problem than this).
 
 But is it really ineffective?  Just five instances of 'cat' would
 consume quite a lot of kernel resources (fake read, fake write, two
 syscalls, data copies to userspace and back...).
 
 G'luck,
 Peter
 
 -- 
 I am the thought you are now thinking.

From: David Malone <dwmalone@maths.tcd.ie>
To: Peter Pentchev <roam@orbitel.bg>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/28522: The ability to crash any freebsd box with 8 lines of shell script 
Date: Fri, 29 Jun 2001 18:13:50 +0100

 > But is it really ineffective?  Just five instances of 'cat' would
 > consume quite a lot of kernel resources (fake read, fake write, two
 > syscalls, data copies to userspace and back...).
 
 If you allow you users to use resources of any sort then they can
 use them - you can't get around that. Some people have done things
 with fancy schedulers which split CPU time between uids as opposed
 to between processes - this might be of some help.
 
 (Mind you, you can do far worse in terms of making the system
 unresponisve than running 5 processes by just using 1 process and
 a few standard shell commands, and that's just what I can think of
 off the top of my head.)
 
 	David.
State-Changed-From-To: open->closed 
State-Changed-By: dwmalone 
State-Changed-When: Sat Jun 30 00:34:56 PDT 2001 
State-Changed-Why:  
Problem looks like fork-bomb attack, which can be delt with using 
process limits. If not the submitter can contact me and I'll look 
into it in more detail. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=28522 
>Unformatted:
