DEV Community

Cover image for What is a Fork Bomb in Linux and how to stop it?
Bobby Iliev
Bobby Iliev

Posted on • Updated on • Originally published at

What is a Fork Bomb in Linux and how to stop it?

A fork bomb (also known as a rabbit virus) is a denial-of-service attack that consists of a process that constantly replicates itself to exhaust all available system resources, slowing down or crashing the system due to resource starvation.

What is a Fork Bomb in Linux and how to stop it?

Here's an example of the most popular fork bomb in Linux:

:(){ :|:& };:`
Enter fullscreen mode Exit fullscreen mode

NOTE: do not run this on your system as it would crash the system!

Here's a quick rundown of all elements:

  • :() - Define the function. The : is the function name and the opening and closing parenthesis means that the function does not accept any arguments

  • { } - These characters show the beginning and end of the function

  • :|: - Here it loads a copy of the function : into memory and pipe its own output to another copy of the : function, which has to be loaded into memory as well

  • & - This starts the process as a background process

  • : - The final : executes the function and hence the chain reaction begins

If you have a multi-user system, the best way to protect it against such attacks is to limit the number of processes a user can have by using PAM for example.

If you are already logged into the system you could do the following to stop the fork bomb:

  • Run a SIGSTOP command to stop the processes of the user who ran the fork bomb:
killall -STOP -u someuser
Enter fullscreen mode Exit fullscreen mode

For more information about the history of the fork bomb and other examples I would recommend checking this Wikipedia page:

Top comments (5)

evanplaice profile image
Evan Plaice

Cute Forkbomb Comic

bobbyiliev profile image
Bobby Iliev

Haha that’s brilliant!!!

vgrovestine profile image
Vincent Grovestine

Ah, memories of the operating systems course from my CS undergrad: letting loose a couple dozen students on a shared Unix server to learn about fork() (in C) the hard way. ;)

_garybell profile image
Gary Bell

Not the post you want to be reading whilst waiting for updates on a production server....but I resisted temptation

efleurine profile image

I cannot not try it sorry I have too.