Linux Hacks — Process Quota

Posted by & filed under , .

One way an attacker might try to crash your machine is to exploit the process quota — more specifically to exploit the fact that a process quota is not set. The process quota defines an upper limit for the number of processes a user can run at any moment in time. If this is not, it will allow any user to run an infinite number of processes — which will ultimately bring the machine to its knees.

The code to exploit this is quite simple, as you might have guessed it: an infinite loop that simply calls fork() — so the number of processes at each iteration will multiply in geometrical progression and pretty pretty shortly it will stop the server from doing anything else than swapping in between these processes — such that the only thing you can really do is a hard reset. (You won’t be able to log in either remotely or via a console or even kick off a simple reboot as the system will not be able to fork another process anymore!)

Below is the code:

#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
 
int main( int argc, char ** argv )
{
   while( 1 )
      fork();
}

Remember that in order to prevent such an exploit on your machine you should set a process quota for your users. Consult your man pages on how to do so.

Download the source code here.

NOTE: This is an article from my old website, way before I restructured it. Since I see visitors going through search engines and requesting the old page, I decided to resurrect this, as it obviously presents a certain level of interest to users out there, so at least future searches will not get a simple 404 but get instead this page.

Leave a Reply

Your email address will not be published.