Re: defend from - :() { ::; } ;:

2007-10-23 Thread Rob

Mike Jeays wrote:

Please do not try to execute this: :() { ::; } ;: on your BSD machine.

What does it do?


It is easier to understand when you replace the : by a more conventional 
subroutine name.


myproc () {
  myproc 
  myproc
}

myproc

It recursively generates useless processes that clog up the machine. Mine 
ground to a halt and froze after a few seconds.


Interesting, if not annoying ;)  Thanks for the explanation, Mike.  I edited 
/etc/login.conf and changed maxproc=unlimited to maxproc=200.  Then tried it.  Took a 
second or so to start spewing Cannot fork: Resource temporarily unavailable.  
I'd opened a 2nd session, and ps wasn't even able to give me full info on what was 
happening.  Luckily, is was easily interruptible and the system seemed to recover.

 -Rob

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: defend from - :() { ::; } ;:

2007-10-22 Thread Bill Moran
In response to Danielisz Laszlo [EMAIL PROTECTED]:

 Please do not try to execute this: :() { ::; } ;: on your BSD machine.

Why not?  It's just a fork() bomb.

 I ask all who already tried it how to defend from this?

Defend from what?  Make a policy that form() bombs are not funny and
launching them is grounds for account termination.  Then terminate the
account of anyone who does it.  Or put appropriate ulimits in place to
lessen the impact.

In any event, a user can bog down a system without launching a fork()
bomb.  If you don't have policies in place to delineate acceptable and
unacceptable behaviour, you'll have problems.

-- 
Bill Moran
http://www.potentialtech.com
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: defend from - :() { ::; } ;

2007-10-22 Thread Josh Carroll
 Please do not try to execute this: :() { ::; } ;: on your BSD machine.
 I ask all who already tried it how to defend from this?

man login.conf

Josh
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: defend from - :() { ::; } ;:

2007-10-22 Thread Martin Tournoij
On Sun 21 Oct 2007 12:10, Danielisz Laszlo wrote:
 Please do not try to execute this: :() { ::; } ;: on your BSD machine.
 I ask all who already tried it how to defend from this?

Wow,, my machine just crashed :-/
Does in this work on other OS's as well (ie. GNU/Linux)? Or just
(Free?)BSD? I really don't feel like crashing another machine right
now...

Only works in sh, not in csh.

Anyway, this seems to be security/stability issue, maybe a PR is in
order?

Regards,
Martin Tournoij
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: defend from - :() { ::; } ;:

2007-10-22 Thread Andrew Pantyukhin
On Sun, Oct 21, 2007 at 12:10:02PM -0700, Danielisz Laszlo wrote:
 Please do not try to execute this: :() { ::; } ;: on your BSD machine.
 I ask all who already tried it how to defend from this?

rm /bin/sh
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: defend from - :() { ::; } ;:

2007-10-22 Thread Jonathan Chen
On Sun, Oct 21, 2007 at 12:10:02PM -0700, Danielisz Laszlo wrote:
 Please do not try to execute this: :() { ::; } ;: on your BSD machine.
 I ask all who already tried it how to defend from this?

That's just a fork bomb. Try looking at tuning(7) and login.conf(5) to
reduce the maxproc limit for users.
-- 
Jonathan Chen [EMAIL PROTECTED]
--
With sufficient thrust, pigs fly just fine. However, this is not necessarily
a good idea. It is hard to be sure where they are going to land, and it
could be dangerous sitting under them as they fly overhead. -- RFC 1925
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: defend from - :() { ::; } ;:

2007-10-22 Thread Rolf G Nielsen

Danielisz Laszlo wrote:

Please do not try to execute this: :() { ::; } ;: on your BSD machine.
I ask all who already tried it how to defend from this?



__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
___

freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]





What does it do?

--

Sincerly,

Rolf Nielsen
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: defend from - :() { ::; } ;:

2007-10-22 Thread Gary Kline
On Mon, Oct 22, 2007 at 06:44:18PM +0200, Martin Tournoij wrote:
 On Sun 21 Oct 2007 12:10, Danielisz Laszlo wrote:
  Please do not try to execute this: :() { ::; } ;: on your BSD machine.
  I ask all who already tried it how to defend from this?
 
 Wow,, my machine just crashed :-/
 Does in this work on other OS's as well (ie. GNU/Linux)? Or just
 (Free?)BSD? I really don't feel like crashing another machine right
 now...
 
 Only works in sh, not in csh.
 
 Anyway, this seems to be security/stability issue, maybe a PR is in
 order?
 
 Regards,
 Martin Tournoij


If this *is* only a /bin/sh bug, then it maybe time to issue a 
PR.  Remember that *our* Bourne shell is really a shell or 
ash.  I remember hacking on this and playing with it back in tha
late 80's.

It might be time to use zsh as the FBSD /bin/sh  


gary



-- 
  Gary Kline  [EMAIL PROTECTED]   www.thought.org  Public Service Unix
  http://jottings.thought.org   http://transfinite.thought.org

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: defend from - :() { ::; } ;:

2007-10-22 Thread Matt
On 10/22/07, Martin Tournoij [EMAIL PROTECTED] wrote:
 On Sun 21 Oct 2007 12:10, Danielisz Laszlo wrote:
  Please do not try to execute this: :() { ::; } ;: on your BSD machine.
  I ask all who already tried it how to defend from this?

 Wow,, my machine just crashed :-/
 Does in this work on other OS's as well (ie. GNU/Linux)? Or just
 (Free?)BSD? I really don't feel like crashing another machine right
 now...

 Only works in sh, not in csh.

 Anyway, this seems to be security/stability issue, maybe a PR is in
 order?

 Regards,
 Martin Tournoij

I'm not a sh or bash syntax expert, but isn't this a standard fork
bomb type command?  If so, it should be possible to mitigate it with
sensible login tunings set in login.conf (in this particular case, I
think maxprocesses is the one to focus on).

Executing this command on my workstation does not result in any
(noticeable) bad side effects under sh or bash login shells - just
notifications of Cannot fork: Resource temporarily unavailable as
the max process limit is hit.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: defend from - :() { ::; } ;:

2007-10-22 Thread Bill Moran
In response to Martin Tournoij [EMAIL PROTECTED]:

 On Sun 21 Oct 2007 12:10, Danielisz Laszlo wrote:
  Please do not try to execute this: :() { ::; } ;: on your BSD machine.
  I ask all who already tried it how to defend from this?
 
 Wow,, my machine just crashed :-/
 Does in this work on other OS's as well (ie. GNU/Linux)? Or just
 (Free?)BSD? I really don't feel like crashing another machine right
 now...

It's a fork bomb.  It affects every OS that has fork() or equivalent.

 Only works in sh, not in csh.

No, it works in csh, the syntax is different.

 Anyway, this seems to be security/stability issue, maybe a PR is in
 order?

No.  Research (on your point) into fork bombs and how to configure
the system to handle them properly is in order.

-- 
Bill Moran
http://www.potentialtech.com
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: defend from - :() { ::; } ;:

2007-10-22 Thread Mike Jeays
On October 22, 2007 12:44:18 pm Martin Tournoij wrote:
 On Sun 21 Oct 2007 12:10, Danielisz Laszlo wrote:
  Please do not try to execute this: :() { ::; } ;: on your BSD machine.
  I ask all who already tried it how to defend from this?

 Wow,, my machine just crashed :-/
 Does in this work on other OS's as well (ie. GNU/Linux)? Or just
 (Free?)BSD? I really don't feel like crashing another machine right
 now...

 Only works in sh, not in csh.

 Anyway, this seems to be security/stability issue, maybe a PR is in
 order?

 Regards,
 Martin Tournoij
 ___
 freebsd-questions@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to
 [EMAIL PROTECTED]

Yes, it brought down my Ubuntu 7.10 system pretty well immediately.  I had to 
reboot.




-- 
Mike Jeays
http://www.jeays.ca
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: defend from - :() { ::; } ;:

2007-10-22 Thread Mike Jeays
On October 22, 2007 03:58:35 pm Rolf G Nielsen wrote:
 Danielisz Laszlo wrote:
  Please do not try to execute this: :() { ::; } ;: on your BSD machine.
  I ask all who already tried it how to defend from this?
 
 
 
  __
  Do You Yahoo!?
  Tired of spam?  Yahoo! Mail has the best spam protection around
  http://mail.yahoo.com
  ___
  freebsd-questions@freebsd.org mailing list
  http://lists.freebsd.org/mailman/listinfo/freebsd-questions
  To unsubscribe, send any mail to
  [EMAIL PROTECTED]

 What does it do?

It is easier to understand when you replace the : by a more conventional 
subroutine name.

myproc () {
  myproc 
  myproc
}

myproc

It recursively generates useless processes that clog up the machine. Mine 
ground to a halt and froze after a few seconds.




-- 
Mike Jeays
http://www.jeays.ca
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: defend from - :() { ::; } ;:

2007-10-22 Thread Jonathan Chen
On Mon, Oct 22, 2007 at 06:44:18PM +0200, Martin Tournoij wrote:
 On Sun 21 Oct 2007 12:10, Danielisz Laszlo wrote:
  Please do not try to execute this: :() { ::; } ;: on your BSD machine.
  I ask all who already tried it how to defend from this?
 
 Wow,, my machine just crashed :-/
 Does in this work on other OS's as well (ie. GNU/Linux)? Or just
 (Free?)BSD? I really don't feel like crashing another machine right
 now...
 
 Only works in sh, not in csh.
 
 Anyway, this seems to be security/stability issue, maybe a PR is in
 order?

More likely something's wrong with your system? I tried out the fork
bomb on my box, and while it crawled for a while, it came back out
fine. Running 6-STABLE.

Cheers.
-- 
Jonathan Chen [EMAIL PROTECTED]
--
  Experience is a hard teacher
   because she gives the test first, the lesson afterwards
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: defend from - :() { ::; } ;:

2007-10-22 Thread Benjamin M. A'Lee
On Mon, Oct 22, 2007 at 02:25:42PM -0700, Gary Kline wrote:
 On Mon, Oct 22, 2007 at 06:44:18PM +0200, Martin Tournoij wrote:
  On Sun 21 Oct 2007 12:10, Danielisz Laszlo wrote:
   Please do not try to execute this: :() { ::; } ;: on your BSD machine.
   I ask all who already tried it how to defend from this?
  
  Wow,, my machine just crashed :-/
  Does in this work on other OS's as well (ie. GNU/Linux)? Or just
  (Free?)BSD? I really don't feel like crashing another machine right
  now...
  
  Only works in sh, not in csh.
  
  Anyway, this seems to be security/stability issue, maybe a PR is in
  order?
  
  Regards,
  Martin Tournoij
 
 
   If this *is* only a /bin/sh bug, then it maybe time to issue a 
   PR.  Remember that *our* Bourne shell is really a shell or 
   ash.  I remember hacking on this and playing with it back in tha
   late 80's.
 
   It might be time to use zsh as the FBSD /bin/sh  

Why bother? It's not a bug, exactly, so much as a nasty trick of
the sh syntax. It works just as well in zsh.

-- 
Benjamin A'Lee [EMAIL PROTECTED]
http://subvert.org.uk/~bma/
He who breaks a thing to find out how it works has left the path of
wisdom. - J.R.R. Tolkien


pgp9ySm3UvSpt.pgp
Description: PGP signature