bug-bash

Re: The memory occupied by bash has been increasing due to the fork bomb


From: zju
Subject: Re: The memory occupied by bash has been increasing due to the fork bomb
Date: Sat, 11 Mar 2023 00:37:49 +0800

>The Un*x convention has always been that SIGTERM kills the process but
>the process can override that, and SIGKILL kills the process and the
>process cannot override that. So if systemd isn't protecting the system
>adequately with its current operation, it should instead send SIGKILL.

As yuhang said, the SIGTERM signal is sent by bash instead of systemd.
And I think ignoring the SIGTERM is reasonable as well.

>In regard to OOM, if the goal is to prevent fork bombs, the system
>administrator would need to set a hard limit on "ulimit -u", "The
>maximum number of processes available to a single user" as well as
>"ulimit -d", "The maximum size of a process's data segment". Changing
>the behavior of bash alone could not prevent an attacker from forcing
>OOM, it would just require the attacker to be more sophisticated.

I have already set the maximum number of processes available to a single user
with "ulimit -Su".
But the memory occupied by the bash processes was increasing all the time, which
would trigger OOM. This is the key issue.
You can see the details below:

[root@fedora parallels]# ps aux | grep bash | grep paralle | head
paralle+ 4640 0.0 0.0 6892 72 ? Ss 22:54 0:00 /usr/bin/ssh-agent /bin/sh -c exec -l /bin/bash -c "/usr/bin/gnome-session"
paralle+ 5563 0.0 0.1 224516 3212 pts/0 Ss+ 22:54 0:00 bash
paralle+ 6269 0.0 0.2 224252 4956 pts/1 Ss 22:57 0:00 bash
paralle+ 51377 0.0 0.1 224820 2808 pts/0 S 23:14 0:00 bash
paralle+ 51410 0.0 0.1 224964 2704 pts/0 S 23:14 0:00 bash
paralle+ 51558 0.0 0.1 224804 2796 pts/0 S 23:14 0:00 bash
paralle+ 51662 0.0 0.1 224800 2788 pts/0 S 23:14 0:00 bash
paralle+ 51704 0.0 0.1 224796 2768 pts/0 S 23:14 0:00 bash
paralle+ 51711 0.0 0.1 224816 2820 pts/0 S 23:14 0:00 bash
paralle+ 52051 0.0 0.1 224952 2832 pts/0 S 23:14 0:00 bash
[root@fedora parallels]# free -h
total used free shared buff/cache available
Mem: 1.9Gi 1.3Gi 44Mi 106Mi 590Mi 440Mi
Swap: 1.9Gi 109Mi 1.8Gi
[root@fedora parallels]# ps aux | grep bash | grep paralle | head
paralle+ 4640 0.0 0.0 6892 1000 ? Ss 22:54 0:00 /usr/bin/ssh-agent /bin/sh -c exec -l /bin/bash -c "/usr/bin/gnome-session"
paralle+ 5563 0.0 0.1 224516 3040 pts/0 Ss+ 22:54 0:00 bash
paralle+ 6269 0.0 0.2 224252 4552 pts/1 Ss 22:57 0:00 bash
paralle+ 104137 0.0 0.1 225632 2984 pts/0 S 23:26 0:00 bash
paralle+ 104176 0.0 0.1 225668 3060 pts/0 S 23:26 0:00 bash
paralle+ 104183 0.0 0.1 225668 3060 pts/0 S 23:26 0:00 bash
paralle+ 104187 0.0 0.1 225664 2800 pts/0 S 23:26 0:00 bash
paralle+ 104396 0.0 0.1 225628 3048 pts/0 S 23:26 0:00 bash
paralle+ 104412 0.0 0.1 225628 3048 pts/0 S 23:26 0:00 bash
paralle+ 104423 0.0 0.1 225668 3064 pts/0 S 23:26 0:00 bash
[root@fedora parallels]# ps aux | grep bash | grep paralle | wc -l
714

>Second, when bash forks a child process, it always creates memory to
>manage the job, even if the maximum number set by the ulimit command is reached

Maybe, as yuhang said at the very beginning, the memory occupied by bash
has been growing all the time.
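
The listings in the message are filtered with grep and head, so they also match the ssh-agent line and show only ten rows. As an added example that is not part of the original message or of bash, the POSIX shell functions below total bash process count and resident memory per user from `ps aux` text and diff two snapshots; the function names and the choice of sample rows are assumptions made here.

```shell
# Constructed samples: rows copied from the two `ps aux` listings in the
# message (wrapped ssh-agent line rejoined); the row counts are arbitrary.
sample_before() { cat <<'EOF'
paralle+ 4640 0.0 0.0 6892 72 ? Ss 22:54 0:00 /usr/bin/ssh-agent /bin/sh -c exec -l /bin/bash -c "/usr/bin/gnome-session"
paralle+ 5563 0.0 0.1 224516 3212 pts/0 Ss+ 22:54 0:00 bash
paralle+ 6269 0.0 0.2 224252 4956 pts/1 Ss 22:57 0:00 bash
paralle+ 51377 0.0 0.1 224820 2808 pts/0 S 23:14 0:00 bash
paralle+ 51410 0.0 0.1 224964 2704 pts/0 S 23:14 0:00 bash
EOF
}
sample_after() { cat <<'EOF'
paralle+ 4640 0.0 0.0 6892 1000 ? Ss 22:54 0:00 /usr/bin/ssh-agent /bin/sh -c exec -l /bin/bash -c "/usr/bin/gnome-session"
paralle+ 5563 0.0 0.1 224516 3040 pts/0 Ss+ 22:54 0:00 bash
paralle+ 6269 0.0 0.2 224252 4552 pts/1 Ss 22:57 0:00 bash
paralle+ 104137 0.0 0.1 225632 2984 pts/0 S 23:26 0:00 bash
paralle+ 104176 0.0 0.1 225668 3060 pts/0 S 23:26 0:00 bash
paralle+ 104183 0.0 0.1 225668 3060 pts/0 S 23:26 0:00 bash
EOF
}

# Read `ps aux` text on stdin; print "<user> <count> <total_rss_kib> <avg_rss_kib>".
bash_usage() {
    awk '
        # Columns: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
        # Test the command field only, so a process that merely has "bash"
        # in its arguments (the ssh-agent row) is not counted.
        $11 == "bash" || $11 == "-bash" || $11 ~ /\/bash$/ {
            n[$1]++; rss[$1] += $6
        }
        END {
            for (u in n)
                printf "%s %d %d %d\n", u, n[u], rss[u], int(rss[u] / n[u])
        }
    ' | sort
}

# usage_delta <user> <before_summary> <after_summary>
# Shows whether growth comes from more processes or from larger ones.
usage_delta() {
    { printf '%s\n' "$2" | awk -v u="$1" '$1 == u'
      printf '%s\n' "$3" | awk -v u="$1" '$1 == u'; } | awk '
        NR == 1 { c = $2; t = $3; m = $4 }
        NR == 2 { printf "count=%+d total_rss_kib=%+d avg_rss_kib=%+d\n",
                         $2 - c, $3 - t, $4 - m }'
}

usage_delta 'paralle+' "$(sample_before | bash_usage)" "$(sample_after | bash_usage)"
```

On a live system, feed `ps aux` output captured at two points in time through `bash_usage` instead of the embedded samples.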


