I just came to realize that my system is not limiting the amount of processes per user properly thus not preventing a user from doing a fork-bomb and crashing the entire system:
user@thebe:~$ cat /etc/security/limits.conf | grep user
user hard nproc 512
user@thebe:~$ ulimit -u
1024
user@thebe:~$ :(){ :|:& };:
[1] 2559
user@thebe:~$ ht-bash: fork: Cannot allocate memory
-bash: fork: Cannot allocate memory
-bash: fork: Cannot allocate memory
-bash: fork: Cannot allocate memory
-bash: fork: Cannot allocate memory
-bash: fork: Cannot allocate memory
-bash: fork: Cannot allocate memory
-bash: fork: Cannot allocate memory
...
Connection to thebe closed by remote host.
Is this a bug or why is it ignoring the limit in limits.conf and why is not applying the limit that ulimit -n claims it to be?
PS: I really don't think the memory limit is hit before the process limit. This machine has 8GB ram and it was using only 4% of it at the time when I dropped the fork bomb.
EDIT:
I managed to reproduce this on a live CD. So I guess this must be a bug. It basically ends up killing all processes, including system critical things like X11, SSHD etc.
Any user can crash the system.
Turns out that
/etc/security/limits.confdoes work, but needs reboot before it gets interpreted. A log-out is not sufficient.I recommend to anybody to a limit to the config file like
Replace
userwith any username that you would want to limit.Or, better:
Replace
groupwith any user-group that you want to limit.