Le blog de numerunique

It's that simple to be nasty
26/12/2020

5 lines, 66 characters: it's all it takes to take a system down.

The line #5 is an endless loop, 1 being always true. Each iteration of the loop duplicate the process. For the child process, the one where fork() is false, there is a recursive call to the same function. Thus each sibling of the initial process do the same...

This quickly ruins the host or the VM in which this process is run, to the point that it's impossible even for the root user to kill the invasive processes.

Fortunately, a solution to this problem was found by the adminsys and CEO of Soweb.io  who hosted the trial of this simple code to assess its impact on a shared system.

systemctl edit --force user-1000.slice

------------------

[Slice]

CPUQuota=90%

------------------

This leaves a tiny margin (e.g. 10%) to clean the invasion.

Précédent | Suivant