COMMAND
fork
SYSTEMS AFFECTED
HP-UX 9.05 and many others
PROBLEM
Let's say you try on HP-UX something like following:
cat >dead.c
main()
{
while (1) fork();
};
^D
cc dead.c
rtprio 0 a.out
Try telneting to it, ooops, sadly the processes are running at a
higher priority than inetd, sorry... Go to the console, ooops,
getty is still running at a timeshare priority, real time task
gets in ahead sorry...
Box is gone, you'll never be able to log in, Heck you won't even
be able to use any logged in sessions you already have, you need
the big switch with 0/1 written above it. and while (1); probably
would have been sufficient, since real time processes on HP-UX
run in strict round robin fashion by priority level, and never
get priority degraded over time, and always get scheduled ahead
of a normal non real time processes. Credit for this goes to
Matthew Thompson and Benjamin J. Stassard.
However, You can try following if You are in the mood:
kill_me.c
main()
{
for(;;)
fork();
}
^D
cc -o KillMe KillMe.c
KillMe
The user will have MAX number of processes called KillMe and it
will be unable to run any process. Credit for this goes to
Security Bugware.
SOLUTION
"Normally, compute-bound programs should not be run at real-time
priorities, because all time sharing work on the CPU would come
to a complete halt" (from the HP-UX reference manual (man 2
rtprio)). This means, if you don't give the user permission to
run real time processes (or actually the group) he will get a
message like "rtprio: Not owner".
However unless you adjust /etc/conf/conf.c or use SAM to adjust
kernel parameters MAXUPRC, MAXUSERS, MAXSWAPCHUNKS, MINSWAPCHUNKS
you'll have other problems with such an attack with the stock
system such as running out of processes and virtual memory which
renders the system just as useless.