Running With Forks

The browser war has temporarily been placed on hold in favor of a simultaneous application war. It appears that a Vista user can run maybe 100 applications at a time, and on OS X you are likely to get a mere 150 applications into your dock. Of course, on Linux you can run even more despite the incredibly high CPU utilization. Imagine a completely unusable computer running 200 applications at once; this is in fact the scenario we should really be concerned with.
The concept of ULIMIT is related to something called a fork bomb. In this exploit, a denial of service is performed simply by launching more applications than your computer is able to run concurrently. While this requires local access to the PC, it can be easily packaged as a batch file or a trojan application that forks new processes for you in the background. Depending on your operating system, the success of a fork bomb will vary considerably.

On a Windows computer, there is no configurable limit to the number of processes you can run. So it is relatively trivial to create a batch file to launch the same application in an infinite loop until the system is unusable. Some Windows services provide protection; in particular, IIS can be configured to restrict the total number of threads and the CPU being consumed. However, this is not system-wide and certainly leaves the door open for trojan applications that may want to take your computer away from you.

UNIX operating systems, however, have the concept of ULIMIT. This facility has evolved, and while most distributions don’t bother to configure any limits, they are easily set up and can serve as a protective barrier between you and a poorly written application.

Some of the configurable ULIMIT values include CPU, memory, file handles, and of course the maximum number of allowed processes. Once the limit has been set, the operating system enforces these rules based on either a specific username, group or all system users. In a typical Linux configuration, ULIMIT values are generally not set. For example, the popular Ubuntu system has no ULIMIT set but the /etc/security/limits.conf file can be easily modified to apply these restrictions.
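To check whether a limits.conf actually caps the process count, the following added example (not from the original post) parses the file's `<domain> <type> <item> <value>` rules and reports missing or unlimited hard `nproc` limits. The sample file contents, function names and finding messages are constructed for illustration.

```python
# Added example: audit limits.conf text for process-count (nproc) caps.
# SAMPLE_LIMITS_CONF is constructed sample input, not taken from a real host.
SAMPLE_LIMITS_CONF = """\
# <domain>  <type>  <item>  <value>
*           soft    nproc   1024
*           hard    nproc   2048     # default for every non-root user
@students   -       nproc   200      # '-' sets soft and hard together
alice       hard    nofile  4096
www-data    hard    cpu     10
"""

NO_LIMIT = ("unlimited", "infinity", "-1")  # values limits.conf treats as "no limit"


def parse_limits(text):
    """Yield (domain, type, item, value) for each four-field rule line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        fields = line.split()
        if len(fields) == 4:                 # skip anything that is not a full rule
            yield tuple(fields)


def nproc_hard_limits(text):
    """Map each domain (user, @group or *) to its hard nproc cap."""
    caps = {}
    for domain, ltype, item, value in parse_limits(text):
        if item == "nproc" and ltype in ("hard", "-"):
            caps[domain] = value
    return caps


def audit(text):
    """Return a list of findings; an empty list means nproc is capped by default."""
    caps = nproc_hard_limits(text)
    findings = []
    if "*" not in caps:
        findings.append("no default (*) hard nproc limit: unlisted users are uncapped")
    for domain, value in caps.items():
        if value in NO_LIMIT:
            findings.append(f"{domain}: hard nproc is {value}")
    return findings


if __name__ == "__main__":
    print(nproc_hard_limits(SAMPLE_LIMITS_CONF))
    print(audit(SAMPLE_LIMITS_CONF) or "nproc is capped for all non-root users")
```

Only the hard limit is audited because a user can raise their own soft limit up to the hard value; wildcard and group rules in limits.conf are not applied to root.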

Perhaps in a future version of Windows there will be an equivalent option. Ideally, a process could in fact detect fork bombs in progress and automatically terminate the parent to prevent any more processes from running. In the meantime, setting sensible ULIMIT values on your UNIX system will protect you from errant applications that bring your system to its knees.