
How I Destroyed my Linux System with a Single Command

The Notorious “Fork Bomb” Explained

DISCLAIMER ⚠️: THIS FUNCTION COULD LEAD TO DATA LOSS. DO NOT RUN THE FUNCTION IN THIS ARTICLE UNLESS YOU ARE IN A SAFE ENVIRONMENT AND KNOW WHAT YOU ARE DOING.

Before we start, let's take a look at the damage a fork bomb does to your system.

Watch from T2:48 to see how a fork bomb crashes the system of Engineer Man.

If you try it, your system will crash and force a hard reboot, potentially causing irreversible data loss.

I was dumb enough to run this on my system; however, I was lucky not to lose any data. Please do not run this yourself.

In this article, we will learn about why fork bombs are so deadly, alongside preventative measures so your system becomes immune to them.

Without further ado… Let’s dive right in!


:(){ :|:& };:

The command shown in the heading is known as a Bash “Fork Bomb.”

A fork bomb is a denial-of-service attack where a process continuously creates child processes at an exponential rate, consuming system resources like CPU, memory, and process slots, ultimately causing the system to crash.

It’s important to note that fork bombs are not exclusive to Bash. You can write a fork bomb in Python, Windows CMD… but we'll use the Bash version in this tutorial since it’s the most common one.

To understand it well, let's break down the function and explain each component one by one:

  • ":" is the name of the function. You can use any other name like “FORK” instead.
  • "() { }" defines a function with no parameters.
  • ":|:" calls the function and pipes its output into a second call of the same function, so every invocation creates two child processes. Both sides of a pipe are launched in parallel, which leads to exponential growth.
  • "&" runs the function call in the background, allowing it to continue replicating without waiting for the previous process to complete.
  • The trailing ";:" ends the function definition and then calls the function once, which starts the chain.

This function will therefore consume resources exponentially, which will break your system in a few seconds.

Using your new knowledge, watch from T2:48 and try to understand what is happening by looking at the process table to the left:

How to Prevent a Fork Bomb Yourself

There are 3 ways to stop a fork bomb from consuming all your resources and crashing your system:

  1. Setting session-specific user limits
  2. Setting persistent user limits
  3. Setting system-wide persistent limits

Setting session-specific user limits

All solutions use the ulimit -u command to limit the maximum number of processes a user can have.

By reducing the number of available processes, the impact of a fork bomb is minimized. A fork bomb is only effective if it can consume all system resources, which requires most of the process slots.

To set limits for the current bash session:

  1. Run ulimit -u to check the maximum number of processes you can have (e.g., 30593).
  2. Run ulimit -u NUM, where NUM is significantly lower than your maximum (e.g., 1024).

Setting persistent user limits

The above method works unless the user reopens their terminal and runs the fork bomb again.

To set persistent user limits, add the same ulimit command to your ~/.bashrc or ~/.bash_profile file.

Setting system-wide persistent limits

Configuring system-wide limits is similar to setting user limits, but involves editing a different file that manages system-wide process rules.

Typically, you would run sudo nano /etc/security/limits.conf and add the following user limits:

Remember to replace “username” with the user you wish to limit.
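As an added example (not from the original article), the script below reads limits.conf-style text and reports the hard nproc limit that applies to a given user. It compares a configuration that sets only a soft limit, which the user can raise again, with one that sets a hard cap. The user names alice and bob, the values, and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: find the hard process limit (nproc) a user gets from
# limits.conf-style text. Line format: <domain> <type> <item> <value>

# Constructed sample: only a SOFT nproc limit. A user may raise a soft limit
# up to the hard limit, so this does not contain a fork bomb.
WEAK_CONF='# constructed sample
alice    soft    nproc   1024'

# Constructed sample: HARD caps, which an unprivileged user cannot raise.
HARDENED_CONF='# constructed sample
*        hard    nproc   4096
alice    hard    nproc   1024'

# hard_nproc_for USER CONF_TEXT
# Prints the hard nproc value for USER, or "unset" when no entry applies.
# A user entry takes priority over the "*" wildcard, and the wildcard is
# not applied to root. Simplification: @group entries are not evaluated.
hard_nproc_for() {
  printf '%s\n' "$2" | awk -v user="$1" '
    NF < 4 || $1 ~ /^#/          { next }   # blank lines and comments
    $3 != "nproc"                { next }
    $2 != "hard" && $2 != "-"    { next }   # "-" sets soft and hard together
    $1 == user                   { exact = $4 }
    $1 == "*" && user != "root"  { wild = $4 }
    END {
      if (exact != "")     print exact
      else if (wild != "") print wild
      else                 print "unset"
    }'
}

# Show the result for three constructed accounts under both samples.
for u in alice bob root; do
  printf '%-6s weak=%-6s hardened=%s\n' "$u" \
    "$(hard_nproc_for "$u" "$WEAK_CONF")" \
    "$(hard_nproc_for "$u" "$HARDENED_CONF")"
done
```

To check a real host, pass the file contents, for example hard_nproc_for "$USER" "$(cat /etc/security/limits.conf)"; files under /etc/security/limits.d/ are read as well and need the same check.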

Conclusion

The fork bomb is a dangerous command, yet anyone can run it on a Linux system even without superuser privileges!

It’s important to prevent users from running this command, since it could lead to server downtime, and potentially permanent data loss.

