Understanding and Preventing Fork Bombs

Duffy — Wed, 07 Oct 2009 16:26:57 +0000

A fork bomb is just a bash function that gets called recursively. Once a fork bomb is active on a machine it may not be able to preform normally until a reboot is made, as the only solution to the fork bomb is to kill all its processes.

Bash Functions

A fork bomb is really just a bash function, below is an example of a bash function

helloworld() {
echo hello world
};

A fork bomb would be

:(){
 :|:&
};:

Now to explain.
:(){ - Creates the function
:|: - Next it call itself using recursion and pipes the output to another call of the function
& - Puts the function call in the background so child cannot die
}; - Terminate the function
: - Call (run) the function

If you would like a more human readable fork bomb it would be as follows

forkbomb(){
forkbomb | forkbomb &
}; forkbomb

Preventing Fork Bombs

We can prevent users from running fork bombs by limiting the amount of processes they are allowed to run.
We can achive this using /etc/security/limits.conf

To get started open /etc/security/limits.conf

nano /etc/security/limits.conf

In my example I want to limit the user john to 300 processes and any users in the group of students to 250 processes. For this I would put the following into my config file

john hard nproc 300
@students hard nproc 250

Please keep in mind that KDE and Gnome desktop system can lanuch many processes.

Tuts4Tech » Bomb

Understanding and Preventing Fork Bombs

Bash Functions

Preventing Fork Bombs