Jaromil designed the simplest Linux Fork bomb in 2002. The entire code was only 13 characters long, and the system crashed seconds after running it in the shell:
: () {: | : &}; :Copy the code
This doesn’t seem to make sense, so we can change the format:
: () {: | : &}; :Copy the code
A better way to understand it is this:
bomb()
{
bomb|bomb&
};
bomb
Copy the code
Because the shell function can omit the function keyword, so the above 13 of the character’s function is to define a function with calls to this function, the name of the function is:, the main core code is: | : &, it can be seen that this is the recursive call of a function itself, by & new process runs in the background, The implementation process grows geometrically through the pipe, and finally through: to call the function to detonate the bomb. As a result, the system would freeze in a few seconds because it could not handle too many processes, and the only solution was to restart it.
A Bomb
Trade.we do not make die mentality, we to run, too, so I point to cloud hosting, and I use the domestic a 2 g memory cloud hosting, first in the local open two terminals, in a terminal connection run after cloud host bombs, seconds after login and try again using a different terminal, effect can see Gif figure below:
-bash: fork: Cannot allocate memory -bash: fork: Cannot allocate memory And NOTHING happened when I tried to connect on terminal 2. Because it is a virtual cloud host, so I can only pass the host service provider’s background to restart the host power off. Then you can log in again:
The bomb damage
The result of Fork bomb is that the server resources are exhausted and the server cannot provide services properly. This is often called the Denial of Service (DoS). Unlike the traditional 1v1, which crashes the server by constantly sending requests to it, the Fork bomb has the feel of sitting on a mountain and killing the enemy without taking a single shot at it. Even more frightening is the fact that this function does not need root permission to run. I read a post about someone who Fork their signature to Fork a bomb and curious people get shot. Imagine if that person was running on a company server. Oh!
Prevention way
Of course, Fork bombs aren’t that scary, and it’s possible to write one in a minute in other languages, such as Python:
import os
while True:
os.fork()
Copy the code
The essence of Fork bombs is to create processes that grab system resources. In Linux, we can use the ulimit command to restrict certain user actions. Run ulimit -a to see what restrictions we can do:
ubuntu@10-10-57-151:~$ ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 7782
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 7782
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
Copy the code
As you can see, the -u parameter limits the number of processes created by the user, so we can use ulimit -u 20 to allow the user to create up to 20 processes. So you can prevent the bomb. However, this is not complete, the command is invalid after closing the terminal. We can modify the/etc/security/limits file for deeper prevention, add the following line in file (ubuntu need to change your user name) :
ubuntu - nproc 20
Copy the code
If you log out and re-log in, the maximum number of processes has been changed to 20,
Bash: fork: Retry: No child processes -bash: fork: Retry: No child processes
reference
En.wikipedia.org/wiki/Fork_b…