making your OS collapse by using Perl

Lars

Did you ever notice that simply typing "perl -e 'fork while 1'" makes
your operating system irresponsive, so a reset is required? This is
especially fatal for a web server that runs a CGI script containing
(by chance) the line 'fork while 1'.

This seems to at least hold for the Linux OS.
 
Randal L. Schwartz

Lars> Did you ever notice that simply typing "perl -e 'fork while 1'" makes
Lars> your operating system irresponsive, so a reset is required? This is
Lars> especially fatal for a web server that runs a CGI script containing
Lars> (by chance) the line 'fork while 1'.

Lars> This seems to at least hold for the Linux OS.

Have you ever noticed that when you poke yourself in the eye with a sharp
stick, it hurts really bad, and you could have permanent damage?

What exactly is your point? "Don't do that"?

Or are you just trying to make sure as many of your scriptkiddy friends know
about a simple boring DoS attack on a box for which they have execution
rights?

{sigh}

print "Just another Perl hacker,"; # the original

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<[email protected]> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
 
Jürgen Exner

Lars said:
> Did you ever notice that simply typing "perl -e 'fork while 1'" makes
> your operating system irresponsive, so a reset is required? [...]

Of course this can be done with pretty much any programming language.
You must be pretty new to computing if you are surprised that a deliberate
DOS attack can bring an OS to its knees.

jue
 
Dr.Ruud

Lars wrote:
> Did you ever notice that simply typing "perl -e 'fork while 1'" makes
> your operating system irresponsive, so a reset is required? This is
> especially fatal for a web server that runs a CGI script containing
> (by chance) the line 'fork while 1'.
>
> This seems to at least hold for the Linux OS.

while ($alive) {
$object->next->mount;
jump;
}
 
Chris Barts

comp.lang.perl.misc said:
> Did you ever notice that simply typing "perl -e 'fork while 1'" makes
> your operating system irresponsive, so a reset is required?

Why don't you patch perl so it can detect and abort such infinite loops?
Keep in mind that an infinite loop can be very large, and not look infinite
the first few times it runs through.
 
xhoster

Lars said:
> Did you ever notice that simply typing "perl -e 'fork while 1'" makes
> your operating system irresponsive, so a reset is required?

Yeah.

> This is
> especially fatal for a web server that runs a CGI script containing
> (by chance) the line 'fork while 1'.

What do you mean by chance? Do you have an infinite number of monkeys
writing your CGI code for you?

Xho
 
squash

One thing I use in all my scripts is:

alarm ( 30 ); # for cgi timeout

so the script times out after 30 seconds in case an infinite loop was
encountered.
 
Rick Scott

Lars said:
> Did you ever notice that simply typing "perl -e 'fork while 1'" makes
> your operating system irresponsive, so a reset is required? This is
> especially fatal for a web server that runs a CGI script containing
> (by chance) the line 'fork while 1'.
>
> This seems to at least hold for the Linux OS.

http://catb.org/~esr/jargon/html/F/fork-bomb.html

1) This isn't specific to Perl. Fork bombs are old hat.
2) A properly configured *nix box is quite resilient in the face of
   such an attack. In such cases, all that a fork bomb will
   accomplish is getting you kicked off of the system by an irritable
   sysadmin.
3) Webserver processes in particular really, really need to have sane
   limits imposed on them anyway. Amongst other things, bugs in CGI
   scripts can cause your webserver to eat its way through processes
   or RAM quite quickly. If it starts going berserk, there should
   already be some control mechanism in place to rein it in before it
   brings the whole box to its knees.

See also 'man ulimit' or 'man limits.conf' depending on your OS.




Rick
 
Anno Siegel

> One thing I use in all my scripts is:
>
> alarm ( 30 ); # for cgi timeout
>
> so the script times out after 30 seconds in case an infinite loop was
> encountered.

The OP's question wasn't about infinite loops, it was about forking.
A timeout doesn't help against that.

Anno
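
An added example, not part of any post in this thread: the per-process limits that Rick Scott's reply points to via 'man ulimit', applied by a launcher to a child command such as a CGI script. The function names and default values are assumptions. RLIMIT_NPROC is counted per real user ID and is not enforced for root, so the service needs its own unprivileged account.

```python
import resource
import subprocess
import sys

def _clamp(requested, hard):
    """An unprivileged process cannot raise a hard limit, so never ask for more."""
    if hard == resource.RLIM_INFINITY:
        return requested
    return min(requested, hard)

def _apply_limits(max_procs, cpu_seconds):
    # Runs in the child between fork() and exec(). rlimits survive exec and
    # are inherited by every descendant, so the whole process tree is bound.
    # A pending alarm() is different: fork() clears it in the child, so a
    # timeout in the parent script does nothing about the children it creates.
    for which, wanted in ((resource.RLIMIT_NPROC, max_procs),
                          (resource.RLIMIT_CPU, cpu_seconds)):
        _, hard = resource.getrlimit(which)
        value = _clamp(wanted, hard)
        resource.setrlimit(which, (value, value))

def run_capped(argv, max_procs=64, cpu_seconds=30, wall_seconds=60):
    """Run argv with hard caps on process count and CPU time (hypothetical helper)."""
    return subprocess.run(
        argv,
        preexec_fn=lambda: _apply_limits(max_procs, cpu_seconds),
        capture_output=True, text=True, timeout=wall_seconds,
    )

def limits_seen_by_child(max_procs=64, cpu_seconds=30):
    """Start a harmless probe under the caps; return the (soft, hard) pairs it sees."""
    probe = ("import resource;"
             "print(*resource.getrlimit(resource.RLIMIT_NPROC),"
             "*resource.getrlimit(resource.RLIMIT_CPU))")
    out = run_capped([sys.executable, "-c", probe], max_procs, cpu_seconds).stdout
    soft_np, hard_np, soft_cpu, hard_cpu = (int(x) for x in out.split())
    return (soft_np, hard_np), (soft_cpu, hard_cpu)

if __name__ == "__main__":
    # The probe only reads its own limits back; it does not fork.
    print(limits_seen_by_child())
```

Once the process count for that user reaches the cap, further fork() calls in the tree fail with EAGAIN instead of exhausting the process table.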
 
