Bash shell fork() bomb

I just tried the famous shell fork() bomb on my laptop, which is running Debian lenny. (I dare to do this because I'm going to shut down my laptop.) Please note: do NOT run it on your production server! The bomb is simple, as it has only 11 characters:

~$ : ( ) { : | : & } ; :

What is it like when the Bash fork() bomb is running?

After I pressed Enter, I suddenly could not do anything on my laptop. The mouse and keyboard stopped responding completely, no matter what I did. Finally I had to hold the power button for some seconds to force it to shut down.

How does this bash fork bomb work?

: ( ) defines a function called “:”, accepting no arguments. { : | : & } is the function body: it calls the function itself, pipes the output to another call of the same function “:”, and puts the process in the background (recursive invocation). The ; ends the function definition, and the final : calls the function and fires it. Each invocation therefore starts two more copies of itself, so the number of processes keeps growing. A human-friendly version looks like this:

bomb() {
  bomb | bomb &
}; bomb

How can I prevent a fork() bomb attack?

Limiting user processes is important for running a stable system. To limit the number of processes, we need to modify /etc/security/limits.conf and impose fork limitations.

For example, with the following settings, we can limit the total number of processes for user group “users” to 200:

~$ tail /etc/security/limits.conf
@users        hard    nproc           200
@users        soft    nproc           200
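
To check that such a limit is actually present, the following added example (not part of the original post) reads limits.conf-style text on standard input and reports whether a domain has a hard nproc limit at or below a chosen maximum. The function names nproc_hard_limit and audit_nproc, the sample input and the last-match-wins rule are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit limits.conf-style text (on stdin) for a hard nproc limit.

# nproc_hard_limit DOMAIN
# Prints the hard nproc value set for DOMAIN; returns 1 if there is none.
# A "-" type sets both soft and hard. If several lines match, the last one
# is reported (an assumption of this example).
nproc_hard_limit() {
    awk -v dom="$1" '
        { sub(/#.*/, "") }    # drop comments before looking at the fields
        NF == 4 && $1 == dom && $3 == "nproc" && ($2 == "hard" || $2 == "-") {
            val = $4; found = 1
        }
        END { if (!found) exit 1; print val }
    '
}

# audit_nproc DOMAIN MAX
# Returns 0 if DOMAIN has a numeric hard nproc limit <= MAX, 1 otherwise.
audit_nproc() {
    limit=$(nproc_hard_limit "$1") || { echo "$1: no hard nproc limit"; return 1; }
    case $limit in
        ''|*[!0-9]*) echo "$1: hard nproc is '$limit', not a number"; return 1 ;;
    esac
    if [ "$limit" -gt "$2" ]; then
        echo "$1: hard nproc $limit exceeds $2"; return 1
    fi
    echo "$1: hard nproc $limit ok"
}

# Constructed sample input, modelled on the two lines shown in the post.
sample='# <domain>    <type>  <item>  <value>
@users        hard    nproc   200
@users        soft    nproc   200
@staff        soft    nproc   100     # soft only, no hard limit
@admins       -       nproc   unlimited'

printf '%s\n' "$sample" | audit_nproc @users 200
printf '%s\n' "$sample" | audit_nproc @staff 200  || true
printf '%s\n' "$sample" | audit_nproc @admins 200 || true
```

Against the real file, run audit_nproc @users 200 < /etc/security/limits.conf. The limits are applied at login, so ulimit -u in a new session shows the value in effect.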
