Understanding and Preventing Fork Bombs

Wed, Oct 7, 2009

Linux

A fork bomb is just a bash function that calls itself recursively. Once a fork bomb is active on a machine, the machine may not be able to perform normally until it is rebooted, as the only solution to the fork bomb is to kill all of its processes.

Bash Functions

A fork bomb is really just a bash function. Below is an example of a bash function:

helloworld() {
echo hello world
};

A fork bomb would be

:(){
 :|:&
};:

Now to explain.
:(){ - Defines a function named :
:|: - Next it calls itself recursively and pipes the output to another call of the function
& - Puts the function call in the background, so the child processes keep running instead of dying with the parent
}; - Ends the function definition
: - Calls (runs) the function

If you would like a more human-readable fork bomb, it would be as follows

forkbomb(){
forkbomb | forkbomb &
}; forkbomb

Preventing Fork Bombs

We can prevent users from running fork bombs by limiting the number of processes they are allowed to run.
We can achieve this using /etc/security/limits.conf

To get started open /etc/security/limits.conf

nano /etc/security/limits.conf

In my example I want to limit the user john to 300 processes and any users in the group students to 250 processes. For this I would put the following into my config file:

john hard nproc 300
@students hard nproc 250

Please keep in mind that the KDE and Gnome desktop systems can launch many processes.
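
When a user entry, a group entry and a wildcard default all appear in the file, it helps to check which hard nproc value a given account actually ends up with. The script below is an added example, not part of the original post: the function names, the sample rules and the users mary and alice are made up for illustration, and only the john and @students lines come from the article.

```bash
#!/usr/bin/env bash
# Added example. Handles user, @group and "*" domains only.

# Constructed sample rules: the article's two lines plus a "*" default.
sample_rules() {
    cat <<'EOF'
# domain   type  item    value
*          hard  nproc   1000
john       hard  nproc   300
@students  hard  nproc   250
@students  soft  nofile  4096
EOF
}

# effective_nproc USER "GROUP1 GROUP2 ..." < rules
# Prints the hard nproc value the rules give USER, or "unset".
# Precedence: user entry > @group entry > "*" default (limits.conf(5)).
# Assumption: within one level, the last matching line wins.
effective_nproc() {
    local user="$1" grps=" $2 " domain type item value
    local u="" g="" d=""
    while read -r domain type item value _; do
        case $domain in ''|'#'*) continue ;; esac       # blank line or comment
        [ "$item" = nproc ] || continue
        case $type in hard|-) ;; *) continue ;; esac    # "-" sets soft and hard
        case $domain in
            "$user") u=$value ;;
            '*')     d=$value ;;
            @*)      case $grps in *" ${domain#@} "*) g=$value ;; esac ;;
        esac
    done
    echo "${u:-${g:-${d:-unset}}}"
}

sample_rules | effective_nproc john  "john students"    # john's own line
sample_rules | effective_nproc mary  "mary students"    # via @students
sample_rules | effective_nproc alice "alice staff"      # "*" default
```

On a real system, feed it /etc/security/limits.conf and compare the result with the output of ulimit -Hu in a fresh login session for that user.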
