home page » operating system » linux » Linux: classic Fork bomb

Linux: classic Fork bomb

 
No comment   3762 views

Jaromil designed the most compact Linux Fork bomb in 2002. The whole code is only 13 characters long. The system will be down a few seconds after running in the shell:

  1. :() { :|:& };:

It seems that it is not easy to understand. We can change the format as follows:

  1. :()
  2. {
  3. :|:&
  4. };
  5. :

To better understand, this is:

  1. bomb ()
  2. {
  3. bomb | bomb &
  4. };
  5. bomb

Because functions in the shell can be omitted function Keyword, so the above 13 characters are functions that define a function and call the function. The name of the function is : , the main core code is :|:& It can be seen that this is a recursive call of the function itself & Start a new process in the background and run it. The process grows geometrically through pipes To call a function to detonate the bomb. Therefore, the system will crash in a few seconds because it cannot handle too many processes. The only solution is to restart.

Bomb, please

In the spirit of "never die, never die", we also run it, so I pointed at the virtual machine. I used a domestic virtual machine with 2G memory. First, open two terminals locally, run the bomb after one terminal connects to the virtual machine, and then try to log in with another terminal a few seconds later. The effect can be seen in the following Gif figure:

Look, after running for a period of time, it reports directly -bash: fork: Cannot allocate memory , indicating that the memory is insufficient. And I tried to connect on Terminal 2 without any response. Because it is a virtual virtual machine, I can only power off and restart the host through the background of the host service provider. Then you can log in again:

Bomb hazard

The consequence of the Fork bomb is that the server resources are exhausted, making the server unable to provide external services normally, which is often called DoS (Denial of Service). Unlike the traditional 1v1, which crashes the server by sending requests to the server constantly, the Fork bomb has the feeling of watching the tiger fight on the mountain without spending a single soldier to kill the enemy. What's more frightening is that this function can be run without root permission. I saw a post on the Internet saying that some people changed their personal signature to a Fork bomb. As a result, some curious people were shot. Imagine if the person who was shot was running on the company server, oh,!

Prevention methods

Of course, the Fork bomb is not so terrible. It can be written in other languages every minute. For example, the python version:

  1. import os
  2. while True :
  3. os . fork ()

The essence of the Fork bomb is to preempt system resources by creating processes. In Linux, we can ulimit Command to restrict some user behaviors, run ulimit -a You can see what restrictions we can make:

  1. ubuntu@10 - ten - fifty-seven - one hundred and fifty-one :~ $ ulimit - a
  2. core file size ( blocks , - c ) zero
  3. data seg size ( kbytes , - d ) unlimited
  4. scheduling priority (- e ) zero
  5. file size ( blocks , - f ) unlimited
  6. pending signals (- i ) seven thousand seven hundred and eighty-two
  7. max locked memory ( kbytes , - l ) sixty-four
  8. max memory size ( kbytes , - m ) unlimited
  9. open files (- n ) one thousand and twenty-four
  10. pipe size ( five hundred and twelve bytes , - p ) eight
  11. POSIX message queues ( bytes , - q ) eight hundred and nineteen thousand and two hundred
  12. real - time priority (- r ) zero
  13. stack size ( kbytes , - s ) eight thousand one hundred and ninety-two
  14. cpu time ( seconds , - t ) unlimited
  15. max user processes (- u ) seven thousand seven hundred and eighty-two
  16. virtual memory ( kbytes , - v ) unlimited
  17. file locks (- x ) unlimited

As you can see, -u Parameters can limit the number of user created processes, so we can use ulimit -u 20 To allow users to create up to 20 processes. This can prevent bombbombs. However, this is not complete. After the terminal is closed, this command will fail. We can modify /etc/security/limits.conf File for further prevention. Add the following line to the file (ubuntu needs to be replaced with your user name):

ubuntu - nproc 20

In this way, after logging out and logging back in, you will find that the maximum number of processes has changed to 20,

At this time, if we run the bomb again, we will not report insufficient memory, but will prompt -bash: fork: retry: No child processes , great, it means that Linux limits the bomb creation thread.

Original link: Linux: classic Fork bomb , Please indicate the source for reprinting!

fabulous three