Understand and Prevent Linux Fork Bomb

Warning

The objective of this guide is to make you familiar with Linux Fork Bombing as well as prevention. Experiment with this in your own box. Realize what a program can do with self replication power. But don't misuse it. I am not liable for such application.

Function which eats CPU cycles

"Recursive call", "function having recursive capability", "infinite loop" these are the very common terminologies in the programming world. But these innocent tools have deadly power to eat the complete system resources to make the system completely unresponsive.

See the bash script below and don't run it; it makes your system totally unresponsive if it is not protected by anti-fork mechanism. Hardware restart is the only solution in that case.

chainreaction()
{
chainreaction|chainreaction&
};
chainreaction # call the function

The function forks itself forever, creating a huge number of processes which will utilize every single cycle of the CPU, causing the system to get stuck.

chainreaction|chainreaction calls itself and pipes the output to another call of the function hence the function get called two times.

&(backgrounding)- There is no stop condition. Hence if the function runs in foreground; calling function will not complete until the call returns. So the calling function would wait forever and we have the option to kill it and its children. But when running at background the calling function is completed immediately and eat the resources so quickly that the system becomes unresponsive.

Notice the recursive call is in the background hence the calling process will "die" (in bash but not in C) as soon as it makes the recursive call. If we call the function only once in the recursion, we'll have always one process which will replace its parent, That's why it is called twice here.

The deadly one liner

Make the above script as a one liner

chainreaction() { chainreaction|chainreaction& }; chainreaction

experiment@debian:~$ ulimit -a

core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 16382 max locked memory (kbytes, -l) 64 max memory size (kbytes, -m) unlimited open files (-n) 1024 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 8192 cpu time (seconds, -t) unlimited max user processes (-u) unlimited virtual memory (kbytes, -v) unlimited file locks (-x) unlimited

experiment@debian:~$ :(){ :|:& };:

-bash: fork: Resource temporarily unavailable
-bash: fork: Resource temporarily unavailable
-bash: fork: Resource temporarily unavailable
-bash: fork: Resource temporarily unavailable
-bash: fork: Resource temporarily unavailable
-bash: fork: Resource temporarily unavailable
-bash: fork: Resource temporarily unavailable
-bash: fork: Resource temporarily unavailable
-bash: fork: Resource temporarily unavailable
-bash: fork: Resource temporarily unavailable
-bash: fork: Resource temporarily unavailable
-bash: fork: Resource temporarily unavailable
-bash: fork: Resource temporarily unavailable
-bash: fork: Resource temporarily unavailable
-bash: fork: Resource temporarily unavailable
-bash: fork: Resource temporarily unavailable
[1] 31979
[1]+ Exit 128 : | :

The following short Z Shell code can destroy fork bomb in about a minute

while (sleep 100 &!) do; done

The sleep is introduced to make processes sleep for a short period of time, and due to the delay there are less fork-bombs. Eventually the sleep processes fill up the process table themselves and the fork bombs die off. Once the process table is full off sleep processes the while loop can be killed, and the sleep processes will die once their sleep time is up. Problem solved.

Understand and Prevent Linux Fork Bomb [ for newbies ]

Understand and Prevent Linux Fork Bomb
[ for newbies ]