Process limit for user in Linux

Question

This is the standard question, "How do I set a process limit for a user account in Linux to prevent fork-bombing," with an additional twist. The running program originates as a root-owned Python process, which then setuids/setgids itself as a regular user. As far as I know, at this point, any limits set in /etc/security/limits.conf do not apply; the setuid-ed process may now fork bomb. Any ideas how to prevent this?

Have you also tried setreuid()? Regards – Mar 12 '10 at 09:11 — , Mar 12 '10 at 09:11
Yes, I have tried setreuid(). – BrainCore Mar 12 '10 at 09:15 — BrainCore, Mar 12 '10 at 09:15

score 4 · Answer 1 · answered Mar 12 '10 at 10:23

You need to have a look at "Advanced Programming in the UNIX Environment". This book details the necessary steps to help you achieve that which you are trying. Any child cloned/forked from a process will inherit the parent's rlimits. You have two options here as I see it: one you can specifically set the rlimits after the child is created (not as nice) or you can do the double fork magic to create a new process group and session leader which will properly inherit the rlimits set in the system.

score 1 · Answer 2 · answered Mar 12 '10 at 09:25

1

Since the child processes inherit the ulimit settings, could you run ulimit in the python script after it sets the uid/gid, creating a new (lower) hard limit, which would then be the new running condition for all of the potential fork-bomblets?

answered Mar 12 '10 at 09:25

Matt Simmons

20,396
10
68
116

Process limit for user in Linux

2 Answers2