Home » Home » HOW TO: Create Fork BOMB In LINUX?

If you are not thrilled with the real bomb, you can try typing this  :(){ :|:& };:  on your Linux terminal to crash your computer. you do not need to be the root user to do that. That string is known as the Fork bomb. Before you get to know how that works, it would be better to know what a fork bomb does exactly.

WHAT IS A FORK BOMB?

The name sounds Fork bomb does not throw dining forks at you, when you executing the strings in terminal. In terms of nixology (Linux & Unix) the word fork means, to create a new process.Similarly, when you create a new process using ‘fork’ (actually a function that can be called on Linux/Unix-like machines), the new process is created from the image of the original one and is basically a inherited copy of the parent process.
A fork bomb will calls the fork function indefinitely and rapidly in no time, thus exhausting all system resources. It comes in the category of Denial of Service attack due to its nature of quickly ripping up system resources and making it unusable within a very short span of time.

All these special characters stands with their unique functionality in *nix operating system. Fork bomb actually associated with the concept of recursion in bash script by using functions in it.

Syntax of function in bash,

function_name()

{
Commands
}

HOW FORK BOMB WORKS?

In this case ‘:’ colon is the function name then followed by ‘()’ parentheses and curly brace ‘{‘ to open a function, then the definition of ‘:|:&’ tells the bash  to launch the ‘:’ function and ‘|’ pipe its output to the same function ‘:’ and send the process to the background defined by ‘&’, so that it can’t be killed by hitting “Ctrl + C”. Then the close curly brace ‘}’ followed by ‘:;’ which points the function again to keep the process recursive. 

To launch the bomb, all you need to do is just to copy or type   :(){ :|:& };:   this code in Terminal and hit Enter. Your session will get slow down to hell in matter of seconds and you will be left with no option but to go with warm reset. The actual time in which your system will succumb to paralysis depends on the speed of your processor, number of processing cores available and the amount of RAM installed. Even though the size of swap partition is also a factor, if it starts getting used by the bomb, the system would typically take long enough to respond for you.

Before we proceed further let me make sure that Fork bomb is not a property of Linux, the technique of creating new processes does work on Windows as well and also the same problem can be raised in other system programming languages such as C or C++, for your instance  compile the following code and execute it, you will come to know that.

FORK BOMB IN C

#include

int main(void) {

for(;;)

fork();

return 0;

}

 

HOW TO PROTECT FROM FORK BOMB?

Fork bombs hang the system by creating a ‘N’ number of processes. The worst part is that one does not even need to be the super user to launch a fork bomb. To shield your system from Fork bomb ensure that you are limiting the number of processes to the local users where they could create, you can limit around 1000 to 4000 process for the local users to create. Generally a user could work about 200-300 process at same time. However for people who do a lot of multitasking, 1000 might be little less.

To limit the number of processes according to the users, you can open the file /etc/security/limits.conf and add the following line at the bottom:

<USERNAME> hard nproc 4000

This will keep the the specified user account to restrict more than 4000 processes. Save the file and reboot the system and try with launching the Fork bomb. System should prevent the crash and withstand the attack now!

If a Fork bomb has already been launched and the restrictions for number of processes are active, you can login as root and kill all the bash processes to terminate the fork bomb. In case if a Fork bomb script is activated by a local user and you haven’t restrict the number of processes to that particular user, but still your CPU left with little time to clear the Fork bomb.

You should not use the following command to kill the script.

$killall -9 Script_Name

This will not work due the nature of a fork bomb. The reason is the killall does not hold a lock on the process table so each one that is killed a new one takes its place in the process table. Also you will not be able to run a killall due to the shell forking off another shell to run the killall.

Instead you can run these command to stop Fork bomb,

$ exec killall -9 Scrit_Name

$ exec killall STOP Script_Name

 

NOTE: That Mac OS X is not vulnerable for Fork bomb tested with Mac OS X Lion.

 

Hope you enjoyed the article, feel free to leave your comments. :)

Leave a Reply

Your email address will not be published. Required fields are marked *

CAPTCHA Image

*