Linux Fork Bomb

A Linux fork bomb is one of the oldest and most succinct ways to crash a Linux system. It is a type of denial of service attack that works by spawning more and more processes, until eventually all the resources on the system are tied up and it crashes.

In this tutorial, you will see how to crash a Linux system using a fork bomb. We will also go over some steps that you can take to prevent things like fork bombs and an inordinate number of processes from being spawned and crashing your system.

In this tutorial you will learn:

  • How to crash a Linux system with a fork bomb
  • How to prevent a Linux crash due to fork bomb

Software Requirements and Linux Command Line Conventions

Category | Requirements, Conventions or Software Version Used
System | Any Linux system
Software | N/A
Other | Privileged access to your Linux system as root or via the sudo command.
Conventions | # – requires given Linux commands to be executed with root privileges, either directly as the root user or by use of the sudo command; $ – requires given Linux commands to be executed as a regular non-privileged user

How to crash a Linux system with a fork bomb



WARNING
Be sure to only test this code on a test machine or virtual machine. Using it on another system, even for testing purposes, will make you look like an attacker that is trying to crash the system. And, in some cases, you might succeed.

The following line of code is a short and sweet fork bomb:

$ :(){ :|:& };:

At first glance, this may look like gibberish and pretty harmless to execute, but let’s take a look at what is really going on here:

  • : is the name of the function
  • :|: calls the function and pipes its output into a second call of the same function, so each call spawns another process
  • & puts the process into the background, so that it cannot be killed as easily
  • ; marks the end of the function definition
  • the final : calls the function and sets everything in motion

Keep in mind that other types of fork bombs exist. For example, you can program them in Perl, Python, and other languages. The one we have shown here is the most commonly used and will work in the Bash shell.

Here is the same function call in a more human readable format:

forkbomb(){ forkbomb | forkbomb & }; forkbomb

As you can see, the function is calling itself twice in the body. This will start to consume all resources on your system and eventually force your Linux system to crash.

Your results may vary, depending on the configuration of the Linux system, what distro you are using, etc. On our Ubuntu test system, executing the fork bomb locked up the system, and eventually started flooding the terminal with these messages:

bash: fork: retry: Resource temporarily unavailable.
Terminal output when a fork bomb is executed

Even after closing the terminal, the system was too sluggish and unresponsive to do anything, and we were forced to reboot. When the system came back up, we got the following error message:




Error message that occurred after executing a fork bomb

NOTE
Some Linux distros are programmed to inherently prevent fork bombs. On those systems, the kernel will kill all the spawned processes to try and prevent your system from crashing.

How to prevent a Linux crash due to fork bomb

A fork bomb is effective because it is able to spawn an unlimited number of processes. Eventually, your system can’t process all of them, and will crash. Therefore, we can prevent these types of crashes by limiting the number of processes that a user or group of users is able to spawn.

The best way to impose a limit on the number of processes a user can spawn is by editing the /etc/security/limits.conf file.

  1. As an example, let’s try putting a limit on the number of processes that users in the “corporate” group can spawn. Adding this line to the file would only allow the users in the group to spawn a maximum of 30 processes.
    @corporate        hard    nproc           30
    
  2. What if we want to impose a process limit on a particular user? In this case, we would put their username in the first value. Here is the line we would use to limit a user named linuxconfig to spawning a maximum of 40 processes.
    linuxconfig        hard    nproc          40
    

For more examples, check out our guide on the Linux ulimit command, which shows how to enforce more types of limits inside the limits.conf file, or impose temporary limits with the ulimit command.
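
To see which accounts the two limits.conf lines above actually cover, the following added example (not part of the original tutorial) reads a limits.conf-style file and reports the hard nproc limit that applies to a given user. It assumes the precedence described in limits.conf(5): a user entry beats a group entry, a group entry beats the * wildcard, and group and wildcard entries are not applied to root. The names nproc_hard_limit and sample_limits are hypothetical, the sample file is constructed, and files under /etc/security/limits.d are not read.

```shell
#!/bin/sh
# Added example (assumed names): which hard nproc limit does a user actually get?
# Usage: nproc_hard_limit FILE USER [GROUP...]  -> "<limit> <domain>" or "none"
nproc_hard_limit() {
    file=$1; user=$2; shift 2
    awk -v user="$user" -v grps="$*" '
        BEGIN {
            n = split(grps, g, " ")
            for (i = 1; i <= n; i++) ingroup["@" g[i]] = 1
            best = 0    # 0 = no match, 1 = wildcard, 2 = group, 3 = user
        }
        { sub(/#.*/, "") }                      # drop comments
        NF < 4 || $3 != "nproc" { next }        # only nproc entries
        $2 != "hard" && $2 != "-" { next }      # "-" sets soft and hard together
        {
            if ($1 == user)         rank = 3
            else if ($1 in ingroup) rank = 2
            else if ($1 == "*")     rank = 1
            else next
            # group and wildcard entries are not applied to root
            if (user == "root" && rank < 3) next
            # a more specific entry wins; at equal rank the later line wins
            if (rank >= best) { best = rank; limit = $4; domain = $1 }
        }
        END { if (best) print limit, domain; else print "none" }
    ' "$file"
}

# Constructed sample: the tutorial's two lines plus a soft-only wildcard.
sample_limits() {
    cat <<'EOF'
@corporate        hard    nproc           30
linuxconfig       hard    nproc           40
*                 soft    nproc           100   # soft only: users can raise it
EOF
}

tmp=$(mktemp) && sample_limits > "$tmp"
for who in "linuxconfig corporate" "alice corporate" "bob staff"; do
    # $who is split on purpose into USER and GROUP
    printf '%-24s -> %s\n' "$who" "$(nproc_hard_limit "$tmp" $who)"
done
rm -f "$tmp"
```

An account that comes back as "none" has no hard process limit from this file and is not covered by either tutorial line.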

Closing Thoughts




In this tutorial, we saw how to crash a Linux system with a fork bomb command. We also learned how a fork bomb works, and ways to prevent users from using them to crash a system. Fork bombs are neither a bug nor a weakness of a Linux system. The responsibility is in the hands of a system administrator to limit the number of processes available for a user to spawn.


