# How can I guard my system against too many processes?

## garo

Yesterday, when I wrote the following program:

```
#!/usr/bin/perl

while(){

  fork();

}
```

and I executed it as a normal user (not root), the system crashed completely. I tried "killall -9" with the name of the program as argument, and later perl as argument, to kill the processes, but I couldn't stop them.

What can I do to protect myself against this (another user can also write a program like this), and if it happens, how can I kill the processes?

----------

## rac

ulimit -u should help you here.  In Debian, I think system-wide defaults were set in /etc/login.defs, and that file appears to exist in Gentoo also, so that's where I would start trying to put it.

----------

## CowboyNeal

*rac wrote:*

> ulimit -u should help you here.  In Debian, I think system-wide defaults were set in /etc/login.defs, and that file appears to exist in Gentoo also, so that's where I would start trying to put it.

Better check /etc/security/limits.conf

----------

## rac

*CowboyNeal wrote:*

> Better check /etc/security/limits.conf

Excellent - PAM to the rescue.  Yes, that "nproc" looks perfect.  Thanks.

----------

## garo

Thanks, I never knew that I had this "/etc/security" directory, but I still have one question:

```
#<type> can have the two values:
#        - "soft" for enforcing the soft limits
#        - "hard" for enforcing hard limits
```

What are soft and hard limits?

----------

## rac

*garo wrote:*

> What are soft and hard limits?

Users can change soft limits, but not to levels where they would violate hard limits.
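The soft/hard rule rac states, as an added example that is not part of the thread: a bash script (assumes bash and its ulimit builtin on Linux) that exercises the open-files limit in a subshell, lowering and raising the soft limit, trying to push it past the hard limit, and then trying to raise the hard limit again.

```shell
#!/bin/bash
# Added example, not from the thread: exercise rac's soft/hard rule on the open-files
# limit (-n), which is normally a plain number rather than "unlimited". Everything
# runs in a subshell, so the calling shell's own limits are left untouched.
# Prints one "step=allowed|refused" line per step; returns 0 when the rules that hold
# for every user were observed (soft may sit anywhere at or below hard, never above).
probe_soft_hard() {
  (
    hard=$(ulimit -H -n)
    if [ "$hard" = unlimited ]; then      # pin a concrete ceiling for the demo
      ulimit -H -n 4096 || exit 1
      hard=4096
    fi
    lower=$((hard / 2))
    ok=1
    step() {   # step NAME CMD... : run CMD quietly, report and return its status
      name=$1; shift
      if "$@" 2>/dev/null; then echo "$name=allowed"; else echo "$name=refused"; return 1; fi
    }
    # 1. lowering the soft limit below hard: always allowed
    step soft_lower      ulimit -S -n "$lower" || ok=0
    # 2. raising it back up to exactly hard: allowed, hard is the ceiling
    step soft_to_hard    ulimit -S -n "$hard" || ok=0
    # 3. raising soft above hard: refused for everyone, root included (setrlimit gives EINVAL)
    step soft_above_hard ulimit -S -n $((hard + 1)) && ok=0
    # 4. lowering both limits together (no -S/-H): always allowed, but for an
    #    unprivileged user this is a one-way door
    step hard_lower      ulimit -n "$lower" || ok=0
    # 5. raising the hard limit back: refused without CAP_SYS_RESOURCE, which is the
    #    "Operation not permitted" seen later in the thread; root is allowed through
    step hard_raise      ulimit -H -n "$hard" || :
    # whatever happened to hard, soft must still be where step 4 left it
    [ "$(ulimit -S -n)" -eq "$lower" ] || ok=0
    [ "$ok" = 1 ]
  )
}

probe_soft_hard || echo "unexpected: a rule that should hold for every user did not"
```

Run it once as a normal user and once as root: only the hard_raise line differs, which is why a hard limit set in limits.conf at login is the real fence for a non-root user.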

----------

## garo

So soft limits are used by users to protect their own, and hard limits by the sysadmin to protect everybody?

----------

## rac

*garo wrote:*

> So soft limits are used by users to protect their own, and hard limits by the sysadmin to protect everybody?

That sounds like a pretty good way to phrase it.

----------

## Tharkun

Your system didn't crash, really! It's just soooo fucking slow ... :) If your process settings are not low enough, such a fork bomb can still make your machine quite slow, and with the normal limits it can pretty much halt the system, but it does not crash. A crash is when you get "Kernel Panic, Aiee!" on the console :)

IIRC with standard settings it took about 20-30 minutes for my system to become responsive again :)

Also, as root you can just kill all processes of the user that has the fork bomb running. Sucks if the user is you and you're logged into X and don't want it to go down :P But depending on the limit on processes, you have to be patient while waiting for the login process :P

----------

## garo

*Tharkun wrote:*

> Your system didn't crash, really! It's just soooo fucking slow ...

I know, because I was still able to give commands (I only had to wait 15 minutes after each command), but I am not very selective with the term "crash" :)

----------

## CowboyNeal

*garo wrote:*

> > Your system didn't crash, really! It's just soooo fucking slow ...
>
> I know, because I was still able to give commands (I only had to wait 15 minutes after each command), but I am not very selective with the term "crash"

That's because the default NPROC limit is set to a sane value (512 or so), not unlimited. I crashed a dual-SPARC server running Solaris, once. Very stupid, I know, but at the time I thought it would be fun. 'They' couldn't even stop it, because 'kill' is a program, not a shell command :D

----------

## gillesg

*rac wrote:*

> > What are soft and hard limits?
>
> Users can change soft limits, but not to levels where they would violate hard limits.

And how do you change the system hard limits?

Using the file /etc/security/limits.conf I can modify soft and hard limits for a user only to the extent of the system limits.

If my /etc/security/limits.conf is empty, the result of ulimit -a is:

```
gillesg $ ulimit -aH
core file size        (blocks, -c) unlimited
data seg size         (kbytes, -d) unlimited
file size             (blocks, -f) unlimited
max locked memory     (kbytes, -l) unlimited
max memory size       (kbytes, -m) unlimited
open files                    (-n) 1024
pipe size          (512 bytes, -p) 8
stack size            (kbytes, -s) unlimited
cpu time             (seconds, -t) unlimited
max user processes            (-u) 2037
virtual memory        (kbytes, -v) unlimited
gillesg $ ulimit -aS
core file size        (blocks, -c) 0
data seg size         (kbytes, -d) unlimited
file size             (blocks, -f) unlimited
max locked memory     (kbytes, -l) unlimited
max memory size       (kbytes, -m) unlimited
open files                    (-n) 1024
pipe size          (512 bytes, -p) 8
stack size            (kbytes, -s) 8192
cpu time             (seconds, -t) unlimited
max user processes            (-u) 2037
virtual memory        (kbytes, -v) unlimited
```

Changing /etc/security/limits.conf to:

```
#<domain>      <type>  <item>         <value>
#
#*               soft    core            0
#*               hard    rss             10000
#@student        hard    nproc           20
#@faculty        soft    nproc           20
#@faculty        hard    nproc           50
#ftp             hard    nproc           0
#@student        -       maxlogins       4
gillesg         soft    nproc           4096
gillesg         hard    core            1000000
gillesg         hard    stack           65536
gillesg         soft    stack           16386
gillesg         hard    nofile          1030
gillesg         soft    nofile          512
# End of file
```

Now when I log in, my ulimit -a is:

```
gillesg $ ulimit -aH
core file size        (blocks, -c) 1000000
data seg size         (kbytes, -d) unlimited
file size             (blocks, -f) unlimited
max locked memory     (kbytes, -l) unlimited
max memory size       (kbytes, -m) unlimited
open files                    (-n) 1024
pipe size          (512 bytes, -p) 8
stack size            (kbytes, -s) 65536
cpu time             (seconds, -t) unlimited
max user processes            (-u) 2037
virtual memory        (kbytes, -v) unlimited
gillesg $ ulimit -aS
core file size        (blocks, -c) 0
data seg size         (kbytes, -d) unlimited
file size             (blocks, -f) unlimited
max locked memory     (kbytes, -l) unlimited
max memory size       (kbytes, -m) unlimited
open files                    (-n) 1024
pipe size          (512 bytes, -p) 8
stack size            (kbytes, -s) 16386
cpu time             (seconds, -t) unlimited
max user processes            (-u) 2037
virtual memory        (kbytes, -v) unlimited
```

How can I make open files higher than 1024?

Thanks.

Gilles
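As an added example, not gillesg's configuration or pam_limits' own code: a small awk resolver wrapped in a bash function that applies limits.conf lines to one user the way I read pam_limits' precedence (stated as an assumption): a line naming the user beats a matching @group line, which beats a `*` line; at the same level the last matching line wins; type `-` sets both soft and hard. The config it reads is a constructed sample embedded in the script, modelled on the commented template above, so it runs offline.

```shell
#!/bin/bash
# Added example, not from the thread: resolve the effective soft/hard value of one
# limits.conf item for a user. Precedence follows my reading of pam_limits (an
# assumption): user line > matching @group line > "*" line; at the same level the
# last matching line wins; type "-" sets both soft and hard.

# Constructed sample limits.conf, modelled on the commented template in the thread.
SAMPLE_CONF='
# <domain>   <type>  <item>   <value>
*            soft    nproc    100
*            hard    nproc    200
@student     hard    nproc    20
@faculty     soft    nproc    20
@faculty     hard    nproc    50
garo         -       nproc    4096
'

# resolve_limit USER "GROUP1 GROUP2 ..." ITEM  -> prints "soft=<v> hard=<v>"
resolve_limit() {
  printf '%s\n' "$SAMPLE_CONF" | awk -v user="$1" -v groups=" $2 " -v item="$3" '
    /^[ \t]*(#|$)/ { next }                       # skip comments and blank lines
    $3 != item     { next }                       # only the item we were asked about
    {
      rank = 0
      if ($1 == user)                                                  rank = 3  # exact user line
      else if (substr($1, 1, 1) == "@" && index(groups, " " substr($1, 2) " ")) rank = 2  # a group the user is in
      else if ($1 == "*")                                              rank = 1  # wildcard default
      if (rank == 0) next                                              # line is for someone else
      # soft and hard are tracked separately, each with the rank that last set it
      if (($2 == "soft" || $2 == "-") && rank >= srank) { soft = $4; srank = rank }
      if (($2 == "hard" || $2 == "-") && rank >= hrank) { hard = $4; hrank = rank }
    }
    END {
      printf "soft=%s hard=%s\n", (soft == "" ? "unset" : soft), (hard == "" ? "unset" : hard)
    }'
}

# Usage on the constructed data; the kernel would later refuse a soft value above hard.
resolve_limit garo  "users"         nproc   # soft=4096 hard=4096
resolve_limit bob   "student"       nproc   # soft=100 hard=20
resolve_limit alice "faculty staff" nproc   # soft=20 hard=50
resolve_limit carol ""              nproc   # soft=100 hard=200
```

Whatever this resolves to only reaches a session if pam_limits.so is in the PAM stack of the login path actually used; a shell reached through a path that skips PAM keeps the defaults shown in `ulimit -aH`.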

----------

## rac

*gillesg wrote:*

> How can I make open files higher than 1024?

```
# ulimit -n
1024
# ulimit -n 4096
# ulimit -n
4096
```

...does this not work for you?

----------

## gillesg

*rac wrote:*

> > How can I make open files higher than 1024?
>
> ```
> # ulimit -n
>
> ...
> ```

It does work for root, but not for a regular user.

As root: no problem, and all child processes are OK on the ulimit -a side.

As gillesg:

```
gillesg$ ulimit -n 1256
bash: ulimit: cannot modify open files limit: Operation not permitted
```

----------

## Tharkun

/usr/src/linux/include/linux/limits.h

----------

## Xor

Inspired by the idea to nuke my system..... I tried it.... and it worked....

Instead of fiddling with a limits.conf, I try the approach with grsecurity (there I'm also able to tell the forks/s and also max processes based on the gid).

As mentioned, the system didn't crash, but hey... someone invented journaled filesystems... and what are they good for if you don't use 'em :)

---

Jepp.... the process gets killed... no more fork bombs :)

----------

## gillesg

I have not yet tried it, but grepping through the include, I roughly got an idea.

It might be ok for open files, but I do not get it then for max user processes.

In fact I am setting Oracle 9i on this platform.

In the install doc they are saying to set:

```
ulimit -n 65536
ulimit -u 16384
```

This works for the current shell, but any other shell does not see it.

And if root does not set it and for a child shell, it is lost.

How can that be done?

----------

## gillesg

How do you modify, for the whole system, the parameters modified by ulimit -u (max user processes) and ulimit -n (max open files)?

Once my box has booted, root can set those values (-n and -u) over the value displayed by ulimit -aH. But any other user cannot do that. They get a message:

```
bash: ulimit: cannot modify max user processes limit: Operation not permitted
```

I have found that I can modify almost all other parameters through limits.conf, but those 2 do not seem to work.

Thank you for your insight

Gilles
