In computing, a fork bomb (also called rabbit virus) is a denial-of-service (DoS) attack wherein a process continually replicates itself to deplete available system resources, slowing down or crashing the system due to resource starvation.


History

Around 1978, an early variant of a fork bomb called wabbit was reported to run on a System/360. It may have descended from a similar attack called RABBITS reported from 1969 on a Burroughs 5500 at the University of Washington.


Implementation

Fork bombs operate both by consuming CPU time in the process of forking, and by saturating the operating system's process table. A basic implementation of a fork bomb is an infinite loop that repeatedly launches new copies of itself.

In Unix-like operating systems, fork bombs are generally written to use the fork system call. As forked processes are also copies of the first program, once they resume execution from the next address at the frame pointer, they continue forking endlessly within their own copy of the same infinite loop. This has the effect of causing an exponential growth in processes. As modern Unix systems generally use a copy-on-write resource management technique when forking new processes, a fork bomb generally will not saturate such a system's memory.

Microsoft Windows operating systems do not have an equivalent functionality to the Unix fork system call; a fork bomb on such an operating system must therefore create a new process instead of forking from an existing one, such as with batch echo %0^, %0 > $_.cmd & $_. In this batch script, %0, %0 is written to $_.cmd, which is then executed by & $_.

A classic example of a fork bomb is one written in Unix shell :();:, possibly dating back to 1999, which can be more easily understood as fork() fork. In it, a function is defined (fork()) as calling itself (fork), then piping (|) its result into itself, all in a background job (&). The code using a colon : as the function name is not valid in a shell as defined by POSIX, which only permits alphanumeric characters and underscores in function names. However, its usage is allowed in GNU Bash as an extension.


Prevention

As a fork bomb's mode of operation is entirely encapsulated by creating new processes, one way of preventing a fork bomb from severely affecting the entire system is to limit the maximum number of processes that a single user may own. On Linux, this can be achieved by using the ulimit utility; for example, the command ulimit -u 30 would limit the affected user to a maximum of thirty owned processes. On PAM-enabled systems, this limit can also be set in /etc/security/limits.conf, and on *BSD, the system administrator can put limits in /etc/login.conf. Modern Linux systems also allow finer-grained fork bomb prevention through cgroups and process number (PID) controllers.
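To check that such limits are actually in place, the following added example (not part of the original article) reports the hard nproc limit a limits.conf-style file would give a user and, where available, the cgroup v2 pids.max of the current cgroup. The account name builder and the sample file are constructed, and the precedence handling is a simplification: exact user entries beat the * wildcard, and @group entries are not evaluated.

```sh
#!/bin/sh
# Added example: audit process-count limits. Simplified precedence: an exact
# user entry beats the "*" wildcard; @group entries are not evaluated.

# hard_nproc USER FILE -> prints the hard nproc limit, or "unset"
hard_nproc() {
    awk -v user="$1" '
        { sub(/#.*/, "") }                  # strip comments
        NF != 4 || $3 != "nproc" { next }   # <domain> <type> <item> <value>
        $2 != "hard" && $2 != "-" { next }  # "-" sets both soft and hard
        $1 == user { u = $4 }               # user-specific entry, last wins
        $1 == "*"  { w = $4 }               # wildcard entry, last wins
        END {
            if (u != "") print u
            else if (w != "") print w
            else print "unset"
        }' "$2"
}

# Constructed sample configuration (not taken from a real host).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# <domain> <type> <item> <value>
*        soft   nproc  100
*        hard   nproc  200
builder  -      nproc  30      # hypothetical CI account, tight cap
@staff   hard   nproc  500
EOF

for u in builder alice; do
    printf '%s: hard nproc = %s\n' "$u" "$(hard_nproc "$u" "$sample")"
done

# cgroup v2 PID controller: show the task cap of the current cgroup, if the
# controller is enabled there (the root cgroup has no pids.max file).
cg=/sys/fs/cgroup$(sed -n 's/^0:://p' /proc/self/cgroup 2>/dev/null)/pids.max
if [ -r "$cg" ]; then
    printf 'cgroup pids.max: %s\n' "$(cat "$cg")"
fi
```

An "unset" result means the user falls back to the system default, so the per-user cap described above is not being enforced by that file.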


See also

* Zip bomb
* Billion laughs attack
* Deadlock (computer science)
* Logic bomb
* Time bomb (software)

