Creating, Exploding and Defusing – The Fork Bomb

A fork bomb is a simple, Japanese emoticon looking, notorious, malicious, destructive, yet beautiful code. The motive is simple – keep on eating the system resources until the system runs out of resources and crashes.

In unix and likewise systems fork is an operation where process creates a copy of itself. Basically fork is a primary source of process creating in unix(and likewise OS).



:(){ :|:& };:

If you try this on your terminal, your system may stall and eventually crash, proving the bomb did its work (i.e. exploded) successfully. This kind of attack is called Denial-of-Service attack. As the name suggests, the attack intends to make all the resources busy or unavailable to the authorized user, hence interrupting or suspending the service.



Understanding the Bomb

This bomb is essentially a function calling itself recursively and the pipeline is made background. That said, lets visualize our code in this format:

:()          # Define a function
{ :|:& };    # The body of the function
:            # Invoking the function

If its still not clear to you, here’s the thing, our function name is ‘:’. Lets replace it with something else, say bomb, to make our code more readable.

bomb() {
bomb | bomb&

The trick here lies in invoking the process recursively and putting it in background. The ampersand operator is doing that for us. Since the function is being called recursively it will keep on creating new processes  and background them which will eventually eat all the resources and crash the system. If we do not put the process in background and just keep calling it recursively, it will still mess up the system but all the processes will immediately end after a stack overflow, which any system can deal with easily. Making the process background, however makes it immortal.


Defusing the bomb

The problem with this program is that even if you get all the PIDs and run a kill command, by the time the command executes many new child process will get created, which makes it difficult to stop.

One way is to freeze all the processes and then running a kill command. This can be done as follows:

killall -STOP processWithBombName   # Freezes all the notorious processes
killall -KILL processWithBombName    # Kills all freezes processes

However, there’s obviously a time constraint after which nothing can be done except a reboot!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s