What is a Fork Bomb in Linux and how to stop it?

What is a Fork Bomb in Linux and how to stop it?

Written by Bobby Iliev on Jun 9th, 2021 Views Report Post

Introduction

A fork bomb (also known as a rabbit virus) is a denial-of-service attack that consists of a process that constantly replicates itself to exhaust all available system resources, slowing down or crashing the system due to resource starvation.

What is a Fork Bomb in Linux and how to stop it?

Here's an example of the most popular fork bomb in Linux:

:(){ :|:& };:

NOTE: do not run this on your system as it would crash the system!

Rundown of all elements

Here's a quick rundown of all elements:

Stopping a fork bomb

If you have a multi-user system, the best way to protect it against such attacks is to limit the number of processes a user can have by using PAM for example.

If you are already logged into the system you could do the following to stop the fork bomb:

  • Run a SIGSTOP command to stop the processes of the user who ran the fork bomb:
killall -STOP -u someuser

Conclusion

For more information about the history of the fork bomb and other examples I would recommend checking this Wikipedia page.

Comments (1)