DEV Community

Cover image for What is a Fork Bomb in Linux and how to stop it?

What is a Fork Bomb in Linux and how to stop it?

bobbyiliev profile image Bobby Iliev Originally published at Updated on ・1 min read

A fork bomb (also known as a rabbit virus) is a denial-of-service attack that consists of a process that constantly replicates itself to exhaust all available system resources, slowing down or crashing the system due to resource starvation.

What is a Fork Bomb in Linux and how to stop it?

Here's an example of the most popular fork bomb in Linux:

:(){ :|:& };:`
Enter fullscreen mode Exit fullscreen mode

NOTE: do not run this on your system as it would crash the system!

Here's a quick rundown of all elements:

  • :() - Define the function. The : is the function name and the opening and closing parenthesis means that the function does not accept any arguments

  • { } - These characters show the beginning and end of the function

  • :|: - Here it loads a copy of the function : into memory and pipe its own output to another copy of the : function, which has to be loaded into memory as well

  • & - This starts the process as a background process

  • : - The final : executes the function and hence the chain reaction begins

If you have a multi-user system, the best way to protect it against such attacks is to limit the number of processes a user can have by using PAM for example.

If you are already logged into the system you could do the following to stop the fork bomb:

  • Run a SIGSTOP command to stop the processes of the user who ran the fork bomb:
killall -STOP -u someuser
Enter fullscreen mode Exit fullscreen mode

For more information about the history of the fork bomb and other examples I would recommend checking this Wikipedia page:

Discussion (5)

evanplaice profile image
bobbyiliev profile image
Bobby Iliev Author

Haha that’s brilliant!!!

vgrovestine profile image
Vincent Grovestine

Ah, memories of the operating systems course from my CS undergrad: letting loose a couple dozen students on a shared Unix server to learn about fork() (in C) the hard way. ;)

_garybell profile image
Gary Bell

Not the post you want to be reading whilst waiting for updates on a production server....but I resisted temptation

efleurine profile image

I cannot not try it sorry I have too.

Forem Open with the Forem app