Le blog de numerunique

It's that simple to be nasty
26/12/2020

5 lines, 66 characters: it's all it takes to take a system down.

The line #4 is an endless loop, 1 being always true. Each iteration of the loop duplicate the process. For the child process, the one where fork() is false, there is a recursive call to the same function. Thus each sibling of the initial process do the same...

This quickly ruins the host or the VM in which this process is run, to the point that it's impossible even for the root user to kill the invasive processes.

Fortunately, a solution to this problem was found by the adminsys and CEO of Soweb.io  who hosted the trial of this simple code to assess its impact on a shared system.

systemctl edit --force user-1000.slice

------------------

[Slice]

CPUQuota=90%

------------------

This leaves a tiny margin (e.g. 10%) to clean the invasion.

The lesson to be learn from this is that a local user is a very high potential threat. Local users should always be trusty and share a common interest for the good health of the system they use. If sysadmins ensure it, they will be rewarded by a satisfying contempt on any threat implying a local user.

Précédent | Suivant