Self-Replicating Processes
Copyright(c) Management Analytics, 1995 - All Rights Reserved
Copyright(c), 1990, 1995 Dr. Frederick B. Cohen - All Rights Reserved
Problem:
Occasionally, a user creates a process that repeatedly spawns
copies of itself. Each copy also replicates, and so on. The net effect
is that it becomes nearly impossible to eliminate all of these processes
without a system reboot. The reason it is so hard to get rid of this
sort of process is that each time we kill one copy, another one is
created to take its place.
Prevention:
We can limit the number of processes available to a user,
or otherwise restrict the rate of process spawning to slow the effect,
but ultimately, we cannot deny users the ability to use the capabilities
of UNIX and still have a workable environment.
Detection:
Detecting runaway processes is usually pretty easy because
the process table fills and this produces error messages on the
console. In some cases, the user will let you know that they made a
mistake and cannot access their account. Thrashing may also be an indicator
of this problem.
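The following is an added example, not part of the original text: a per-user census of a process listing that flags any command a single user is running in suspiciously many copies, and counts how many of those copies were spawned by a parent running the same command. The function name, the threshold, and the sample listing are assumptions made for illustration; command names are assumed to contain no spaces.

```shell
#!/bin/sh
# Input (assumed format): one process per line, "USER PID PPID COMMAND",
# e.g. from:  ps -e -o user= -o pid= -o ppid= -o comm=

# runaway_candidates LIMIT
# Reads a listing on stdin. For every (user, command) pair with at least
# LIMIT live processes, prints: USER COMMAND TOTAL SELF_SPAWNED
# SELF_SPAWNED counts copies whose live parent runs the same command.
# Copies orphaned by a kill are re-parented to init, so they add to
# TOTAL but not to SELF_SPAWNED.
runaway_candidates() {
    awk -v limit="$1" '
        NF >= 4 { user[$2] = $1; ppid[$2] = $3; comm[$2] = $4 }
        END {
            for (p in comm) {
                k = user[p] " " comm[p]
                total[k]++
                if ((ppid[p] in comm) && comm[ppid[p]] == comm[p])
                    self[k]++
            }
            for (k in total)
                if (total[k] >= limit)
                    print k, total[k], self[k] + 0
        }' | sort -k3,3nr
}

# Constructed sample listing (not real output): bob's a.out keeps
# spawning copies of itself; pid 305 was orphaned when its parent died.
sample_ps() {
    cat <<'EOF'
root 1 0 init
alice 200 1 sh
alice 201 200 vi
bob 300 1 sh
bob 301 300 a.out
bob 302 301 a.out
bob 303 301 a.out
bob 304 302 a.out
bob 305 1 a.out
bob 306 305 a.out
bob 307 306 a.out
bob 308 303 a.out
EOF
}

# Live use: ps -e -o user= -o pid= -o ppid= -o comm= | runaway_candidates 50
```

Run periodically with a limit set below the per-user process cap, this reports the offending account before the process table fills.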
Cure:
The only way to stop a self-replicating process during normal
operation is to give very high priority to the processes that kill
the worm segments. This rarely succeeds, and more often than not, a
system reboot is required.