Fork bomb

Source: Wikipedia, the free encyclopedia.

The concept behind a fork bomb — the processes continually replicate themselves, potentially causing a denial of service

In

resource starvation
.

History

Around 1978, an early variant of a fork bomb called wabbit was reported to run on a

Burroughs 5500 at the University of Washington.[1]

Implementation

Fork bombs operate both by consuming CPU time in the process of forking, and by saturating the operating system's process table.[2][3] A basic implementation of a fork bomb is an infinite loop that repeatedly launches new copies of itself.

In

frame pointer, they continue forking endlessly within their own copy of the same infinite loop; this has the effect of causing an exponential growth in processes. As modern Unix systems generally use a copy-on-write resource management technique when forking new processes,[4] a fork bomb generally will not saturate such a system's memory.

Microsoft Windows operating systems do not have an equivalent functionality to the Unix fork system call;[5] a fork bomb on such an operating system must therefore create a new process instead of forking from an existing one.

A classic example of a fork bomb is one written in Unix shell :(){ :|:& };:, possibly dating back to 1999,[6] which can be more easily understood as

fork() {
    fork | fork &
}
fork

In it, a function is defined (fork()) as calling itself (fork), then

job
(&).

The code using a colon : as the function name is not valid in a shell as defined by POSIX, which only permits alphanumeric characters and underscores in function names.

GNU Bash as an extension.[8]

Prevention

As a fork bomb's mode of operation is entirely encapsulated by creating new processes, one way of preventing a fork bomb from severely affecting the entire system is to limit the maximum number of processes that a single user may own. On Linux, this can be achieved by using the ulimit utility; for example, the command ulimit -u 30 would limit the affected user to a maximum of thirty owned processes.[9] On PAM-enabled systems, this limit can also be set in /etc/security/limits.conf,[10] and on *BSD, the system administrator can put limits in /etc/login.conf.[11] Modern Linux systems also allow finer-grained fork bomb prevention through cgroups and process number (PID) controllers.[12]
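
The per-user process limit described above is only effective if a finite hard cap actually applies to the account in question. The following is an added example, not part of the original article: it reads text in /etc/security/limits.conf syntax and reports the hard nproc cap that would apply to a given user. The sample entries, the user and group names and the function names are constructed for illustration, and the precedence used (user entry, then @group entry, then the * wildcard) is a simplified assumption about how pam_limits resolves entries.

```shell
#!/bin/sh
# Added example: audit nproc entries in limits.conf-style text.

# Constructed sample in limits.conf syntax: <domain> <type> <item> <value>
SAMPLE_LIMITS='# constructed sample, not from a real host
*          soft  nproc  4096
*          hard  nproc  unlimited
@students  hard  nproc  200
alice      -     nproc  30
bob        soft  nproc  50
'

# effective_hard_nproc USER "GROUP1 GROUP2" < limits-text
# Prints the hard nproc value that applies to USER, or "unset".
# Assumed precedence: user entry, then @group, then "*"; later lines win within a tier.
effective_hard_nproc() {
    awk -v user="$1" -v groups="$2" '
        BEGIN { n = split(groups, g, " "); for (i = 1; i <= n; i++) ingroup["@" g[i]] = 1 }
        /^[ \t]*#/ || NF < 4 { next }          # skip comments and incomplete lines
        $3 != "nproc" { next }                 # only the process-count item matters here
        $2 != "hard" && $2 != "-" { next }     # "-" sets both soft and hard limits
        {
            v = ($4 == "infinity" || $4 == "-1") ? "unlimited" : $4
            if ($1 == user)          u = v
            else if ($1 in ingroup)  grp = v
            else if ($1 == "*")      w = v
        }
        END {
            if (u != "")        print u
            else if (grp != "") print grp
            else if (w != "")   print w
            else                print "unset"
        }'
}

# audit_user USER "GROUPS" < limits-text
# Returns 0 if a finite hard cap applies, 1 if the user could create processes without bound.
audit_user() {
    cap=$(effective_hard_nproc "$1" "$2")
    case "$cap" in
        unset|unlimited) echo "$1: no finite hard nproc cap ($cap)"; return 1 ;;
        *)               echo "$1: hard nproc cap $cap"; return 0 ;;
    esac
}

# Demonstration on the constructed sample.
printf '%s' "$SAMPLE_LIMITS" | audit_user alice ""
```

A soft-only entry such as the one for bob does not count as protection here, because a user can raise a soft limit up to the hard limit.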

References

  1. Raymond, Eric S. (October 1, 2004). "wabbit". The Jargon Lexicon. Archived from the original on May 15, 2012. Retrieved October 15, 2013.
  2. .
  3. .
  4. .
  5. .
  6. Michal Zalewski (August 19, 1999). "[RHSA-1999:028-01] Buffer overflow in libtermcap tgetent()". Newsgroup: muc.lists.bugtraq. Retrieved December 10, 2022. bash$ :(){ :|:&};:}
  7. "The Open Group Base Specifications Issue 7, 2018 edition IEEE Std 1003.1™-2017 Section 3.235". The Open Group/IEEE. Name: In the shell command language, a word consisting solely of underscores, digits, and alphabetics from the portable character set. The first character of a name is not a digit.
  8. "The GNU Bash Reference Manual, Section 3.3". Retrieved December 11, 2022. When the shell is in POSIX mode (see Bash POSIX Mode), fname must be a valid shell name and may not be the same as one of the special builtins (see Special Builtins). In default mode, a function name can be any unquoted shell word that does not contain '$'.
  9. .
  10. .
  11. .
  12. "Process Number Controller in Documentation/ as appeared in Linux kernel 5.3". October 8, 2019. Archived from the original on October 8, 2019. Retrieved October 8, 2019.