Slashdot Mirror


Some Linux Distros Found Vulnerable By Default

TuringTest writes "Security Focus carries an article about a security compromise found on several major distros due to bad default settings in the Linux kernel. 'It's a sad day when an ancient fork bomb attack can still take down most of the latest Linux distributions', says the writer. The attack was performed by spawning lots of processes from a normal user shell. It is interesting to note that Debian was not among the distros that fell to the attack. The writer also praises the OpenBSD policy of Secure by Default."

6 of 541 comments

  1. Not your usual vulnerability by David's Boy Toy · · Score: 5, Informative

    Fork bombs only work if you can log into the system in question. This is a bit lower priority than your usual vulnerabilities which allow outside attacks.

  2. Re:another way to bring a system to its knees by tlhIngan · · Score: 5, Informative

    while(1) { malloc(1); }

    That won't work on modern systems, or systems with a lot of virtual memory available (lots of RAM or large swap).

    A modern OS will not actually commit memory until it is actually used, and while malloc() involves some bookkeeping, most of the bookkeeping is very little. It's quite likely you'll actually run out of process RAM (2GB or 3GB, depending on settings on a 32 bit machine) space first before the system starts to strain. On Linux, the recent kernels will kill processes that start hogging RAM when free memory falls below the low-water mark. And each malloc() really allocates 8/16/32 bytes of RAM for even a 1 byte allocation.

  3. Default kernel in Gentoo? by olympus_coder · · Score: 5, Informative

    Unless you use genkernel, there is NO default kernel configuration, version or anything else. No serious admin uses genkernel as anything other than a starting point - PERIOD.

    Choose your kernel version, patch set, etc. No defaults. I guess he has never actually installed Gentoo himself. The author should get a clue about the distros he's talking about before making claims about their security.

    --
    Spell check? Why bother. That is what grammer/spelling Nazi freaks who waiste band width posting "spell right" are for.
  4. Re:Sheesh, it's a fork bomb by gowen · · Score: 5, Informative

    man ulimit

    Specifically ulimit -H -u <number> in their startup file.

    --
    Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
  5. Re:In other news... by tomhudson · · Score: 5, Informative
    The Windows holes aren't in the FRIGGING KERNEL.
    Neither are the "holes" the article talks about.

    If you had bothered to read the thread the article points to, the forkbomb vulnerability wasn't in the kernel per se, but in the /etc/security/limits file, which on most distros has a bunch of example lines commented out by default.

    The kernel can't/shouldn't implement limits that are commented out.
    Edit the file(s) to your taste and reboot.
    No kernel patching necessary.
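
Added example, not part of any comment in this thread: a shell audit for the condition described in comments 4 and 5, namely whether a limits file actually carries an uncommented hard `nproc` cap. It assumes the pam_limits line format `<domain> <type> <item> <value>`; the function names and both sample files are constructed for illustration, and the check covers only the wildcard `*` domain without modelling per-user or per-group precedence.

```shell
#!/bin/sh
# Audit a pam_limits-style file for active (uncommented) nproc limits.
# Assumed line format: <domain> <type> <item> <value>; '#' starts a comment.

# Print every active nproc entry as "domain type value".
active_nproc_limits() {
    awk '
        { sub(/#.*/, "") }          # drop whole-line and trailing comments
        NF == 4 && $3 == "nproc" &&
        ($2 == "hard" || $2 == "soft" || $2 == "-") { print $1, $2, $4 }
    ' "$1"
}

# Succeed only if the wildcard domain has a finite hard cap.
# Type "-" sets soft and hard together, so it counts as well.
has_default_hard_nproc_cap() {
    active_nproc_limits "$1" | awk '
        $1 == "*" && ($2 == "hard" || $2 == "-") && $3 ~ /^[0-9]+$/ { found = 1 }
        END { exit found ? 0 : 1 }
    '
}

# Constructed sample: the shipped shape, every example line commented out.
make_sample_default() {
    cat <<'EOF'
# <domain>  <type>  <item>  <value>
#*          soft    core    0
#@student   hard    nproc   20
#@faculty   soft    nproc   20
EOF
}

# Constructed sample: a hardened variant with limits actually in force.
make_sample_hardened() {
    cat <<'EOF'
# <domain>  <type>  <item>  <value>
*           soft    nproc   256
*           hard    nproc   512   # ceiling users cannot raise
@admins     hard    nproc   unlimited
EOF
}

# Usage: sh audit.sh <limits-file>
if [ -n "${1:-}" ]; then
    has_default_hard_nproc_cap "$1" && echo "hard nproc cap present" \
        || echo "no hard nproc cap for '*'"
fi
```

Run against the commented-out sample it reports no cap; `ulimit -H -u` in a login shell shows the value a session actually received.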

  6. Re:Thank god I use Windows by soconnor99 · · Score: 5, Informative

    You can put a hundred kill.bat's in there but they never get called. It will transfer control; you need to use "call kill.bat" if you want to continue in the same script.