http://jbakshi.50webs.com/Linux_tutoria ... kbomb.html
What is a Fork Bomb:
Code: Select all
chainreaction() { chainreaction|chainreaction& }; chainreaction
Temporary Solution
Fork Bomb is a chain reaction tool and it gradually creates new processes. It can only be controlled with restriction on maximum number of allowed processes. "ulimit" plays a nice role here. "ulimit -a" display all system resources allowed to your shell.
Code: Select all
root@debian:~$ ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 16382
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) unlimited
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
Fine tune the output to know the maximum process allowed
Output: unlimitedCode: Select all
root@debian:~$ ulimit -u
Restrict the maximum allowed process to say 200ThenCode: Select all
root@debian:~$ ulimit -u 200
Output: 200Code: Select all
root@debian:~$ ulimit -u
Now execute the one liner
Output:Code: Select all
user@debian:~$ :(){ :|:& };:
-bash: fork: Resource temporarily unavailable
-bash: fork: Resource temporarily unavailable
But the above-mentioned solution does not seem to work on Debian. Could someone provide us with a solution?Permanent Solution:
Modifying /etc/security/limits.conf is the permanent (unlike ulimit) approach to fight against Fork Bombing.
Here is an example
admin hard 300
@student soft nproc 100
@student hard nproc 150