What is Fork Bomb and How to Avoid It

The fork bomb is a recursive bash function used as a denial-of-service (DoS) attack against the Linux operating system. Its definition:

:(){ :|:& };:

What do all these symbols mean?

  • :() – defines a function called “:”
  • :|: – calls the function recursively and pipes its output to another call of “:”
  • & – puts the function call in the background
  • ; – terminates the function definition
  • : – at the end, calls the function

Be careful: running this example may crash your computer. We can protect against a fork bomb by limiting the number of processes per user (or group of users) in the file /etc/security/limits.conf.

For example, we want to limit the number of processes to 300:

likeIT hard nproc 300

“likeIT” is the name of the user. If you want to apply this limit to a group, use “@groupName”.

There is an example of the whole configuration file:

Let’s explain the fields of a line in the /etc/security/limits.conf file:

[domain] [type] [item] [value]

The domain can be:

  • a user name
  • a group name – use @group syntax

Type can have these two values:

  • soft – for enforcing the soft limits
  • hard – for enforcing hard limits

Item can be:

  • core – limit the core file size (KB)
  • fsize – maximum filesize (KB)
  • cpu – max CPU time (MIN)
  • nproc – max number of processes
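
To check which users actually have a process cap, the following added example (not part of the original article) parses limits.conf-style text and returns the hard nproc limit that applies to a user. Only hard limits count here, because a user can raise a soft limit up to the hard one. The example goes slightly beyond the fields listed above by also accepting the `*` wildcard domain and the `-` type (soft and hard together); the precedence rule, the sample file and the names "students" and "guest" are assumptions made for illustration.

```python
# Added example: audit limits.conf text for a hard nproc cap per user.
UNLIMITED = {"unlimited", "infinity", "-1"}

def parse_limits(text):
    """Yield (domain, type, item, value) tuples from limits.conf-style text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        fields = line.split()
        if len(fields) == 4:
            yield tuple(fields)

def hard_nproc(text, user, groups=()):
    """Return the hard nproc cap that applies to `user`, or None if uncapped.

    Simplified precedence (assumption): a user entry beats a @group entry,
    which beats the '*' wildcard; at the same level the last line wins.
    """
    best_rank, best_value = -1, None
    for domain, ltype, item, value in parse_limits(text):
        if item != "nproc" or ltype not in ("hard", "-"):
            continue                          # soft-only lines do not contain a fork bomb
        if domain == user:
            rank = 2
        elif domain.startswith("@") and domain[1:] in groups:
            rank = 1
        elif domain == "*":
            rank = 0
        else:
            continue
        if rank >= best_rank:
            best_rank = rank
            best_value = None if value in UNLIMITED else int(value)
    return best_value

# Constructed sample file; "likeIT" is the user name from the article,
# "students" and "guest" are made-up names.
SAMPLE = """\
# domain   type  item   value
*          soft  nproc  100
@students  hard  nproc  150
likeIT     hard  nproc  300
"""

if __name__ == "__main__":
    for user, groups in [("likeIT", ["students"]), ("guest", ["students"]), ("guest", [])]:
        cap = hard_nproc(SAMPLE, user, groups)
        print(user, groups, "->", cap if cap is not None else "no hard nproc cap")
```

A user for whom the function returns None has no hard process cap from this file, so a fork bomb started under that account is not contained by it.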
