Quick explanation of the fork bomb in GNU/Linux

We warn you that if, out of curiosity, you want to try what we show below, it is your own responsibility.

What does the fork bomb do in GNU/Linux?

:(){ :|:& };:

It is a type of denial-of-service (DoS) attack: basically, it saturates the computer's available resources. Although fork bombs can be written in any language, I will focus only on bash, because of its strange-looking form.

Although it looks very complex, it is just a simple function that calls itself ... Now the fork bomb in human-readable form XD

:(){ :|:& };:

Here is a simple function ...

my_function() { var1=$1; echo "Function"; }

For anyone who knows how to read and a little programming

bomb() { bomb | bomb & }; bomb

As you can see, it is really simple, it creates a function that calls itself, which creates a cycle that does not stop until it reaches its goal, saturating the computer.

In summary…

:() {

This defines a function named ":".

:|:

The function calls itself through recursion and a pipe. The worst part is that it calls itself a second time ...

&

Runs the function in the background, so the process cannot be terminated until all resources are exhausted.

};:

The function definition ends and the function is called ...

This is for anyone who was curious about that seductive code, which may look strange to a newbie, but it is nothing that a little logic does not solve.

This article was written in our forum by wada; I just bring it here with some small edits to the text.


  1.   eliotime3000 said

    Because there are men who are not looking for anything logical, like money. You cannot buy them, intimidate them, convince them, or negotiate with them. There are men who just want to watch the world burn.

    Alfred.

  2.   dwarf said

    In fact, it is interesting, although today if they throw a fork bomb on you, nothing would happen because there are security levels that you set where you limit the number of processes that any program can generate, only distros like Arch, Gentoo, etc. do not have these restrictions by default and you must create them.

    It's funny because Tete and I spend a day shitting ourselves with laughter with this topic, many people who install Arch only install it and put the environment on it, but forget many other very important things that are necessary to configure (or at least they were necessary, the truth is that I have no idea how it is now) and that is why it was said that it was "easy and fast to install".

    Anyway, I think it would have been a bit simpler to explain it with the bomb in python, which is even more explicit.

    1.    eliotime3000 said

      In fact, these process execution settings are usually quite important when installing a GNU / Linux distro with a minimalism like Arch and / or Gentoo has.

      And by the way, the times I start to use Arch are to test the versions of programs and interfaces that have just come out of the oven. Anyway, that fork bomb is quite interesting.

    2.    f3niX said

      Yes, it is much easier to understand in Python. I leave them here in case anyone is interested:

      import os
      while True:
          os.fork()

      And with recursion:

      import os
      def bomb():
          os.fork()
          bomb()
      bomb()

      And nano, it should be noted that in Debian 7 Stable there is no security for this either, at least not with Python; the system hangs instantly.

      Greetings.

    3.    O_Pixote_O said

      Well, I have executed a fork bomb in Ubuntu and the computer crashed instantly

  3.   Bi0sPo1n7 said

    To deactivate the bomb, the processes in the terminal are limited with: ulimit -u 50 and the bomb is deactivated :p

  4.   Modem said

    In any case, it must be mentioned that current OSs have limited how many processes they can have active, it is a matter of launching a fork bomb on a Fedora and nothing will happen.

    1.    Roberto said

      Without a doubt, but for example solaris and windows (which is where I have tested it) are not protected.

  5.   sirjuno said

    COOL! 🙂

  6.   mj said

    Do the same; but this time make it useful, that is, run in windows and have what happens. Not on GNU / Linux.
    Very curious, the proximity to the subject of computer sabotage, I don't know if that could be the case with the Gnash player: on the Vimeo site it runs videos flawlessly, but on YouTube it barely reaches a resolution of 240 pixels; In Dailymotions it does not reproduce, in my view something incomprehensible to me, since I am not a programmer.
    If we do not change that, I think it is not a bad idea for free software supporters to publish our videos where it is disseminated to everyone, without discrimination.

    1.    eliotime3000 said

      Gnash should pay attention to it, but since its development was slow, Mozilla chose to make its own Flash player based on Javascript called Shumway. I hope Shumway will be out soon so that I can replace the Flash Player I have on GNU / Linux.

  7.   x11tete11x said

    And since we are, it is not enough to say how to protect yourself, a very basic way (and especially for Noobs Archers) is to limit the number of processes, for this we go to /etc/security/limits.conf and add the following line:

    * hard nproc 1000

    With this, we limit the processes to that amount, for example I have it set to that amount (although the entire OS at full runs with much less, about 200-300 processes) and when applying the fork bomb, my OS remains fully functional and immune, it is clear that if we limit the number of processes to something very low it could bring some other consequence since some program would want to create processes and the OS would not let it, in my case, limited to 1000 processes it is perfect

    1.    xphnx said

      I have put it to
      * soft nproc 500
      * hard nproc 1000

      Although the arch wiki recommends soft at 100 and hard at 200.

      Although there should be no problem, I'm scared to throw a bomb to test ... xD

  8.   Martin said

    The easiest way to shield is by limiting the ulimits value so that the bomb process can be killed.

  9.   vidagnu said

    Interesting article, to prevent it in Slackware we use ulimit in the /etc/profile file

    1.    msx said

      The problem with restricting ulimit is that it can limit your use of the system depending on what you do.
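
An added example, not part of the original article or its comments: a small shell audit for the nproc limits that the commenters recommend setting in /etc/security/limits.conf and with ulimit -u. The sample file content, the function names nproc_limit and audit_nproc, and the 2000 threshold are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added example: audit the nproc entries of limits.conf-style text on stdin.

# Constructed sample; columns are <domain> <type> <item> <value>.
SAMPLE_LIMITS='# constructed sample in limits.conf syntax
*       soft    nproc   500
*       hard    nproc   1000
@build  hard    nproc   4000
root    -       nproc   unlimited
*       hard    nofile  65536'

# nproc_limit TYPE DOMAIN
# Prints the value of the last nproc line for the literal DOMAIN and TYPE
# (soft|hard); a "-" type sets both. Prints "unset" when no line matches.
nproc_limit() {
    awk -v want="$1" -v dom="$2" '
        NF == 0 || $1 ~ /^#/ { next }
        $1 == dom && $3 == "nproc" && ($2 == want || $2 == "-") { v = $4 }
        END { print (v == "" ? "unset" : v) }'
}

# audit_nproc DOMAIN MAX
# Prints a verdict on the hard limit: it must exist, be finite and be <= MAX.
audit_nproc() {
    hard_value=$(nproc_limit hard "$1")
    case "$hard_value" in
        unset)
            echo "FAIL: no hard nproc limit for $1" ;;
        unlimited|infinity|-1)
            echo "FAIL: hard nproc for $1 is unlimited" ;;
        *[!0-9]*)
            echo "FAIL: unparsable nproc value '$hard_value' for $1" ;;
        *)
            if [ "$hard_value" -le "$2" ]; then
                echo "OK: hard nproc for $1 is $hard_value"
            else
                echo "WARN: hard nproc for $1 is $hard_value (> $2)"
            fi ;;
    esac
}

# MAX=2000 is an assumed threshold for this example, not a value from the page.
printf '%s\n' "$SAMPLE_LIMITS" | audit_nproc '*' 2000
printf '%s\n' "$SAMPLE_LIMITS" | audit_nproc 'root' 2000
# Limits of the running shell (what "ulimit -u" in /etc/profile would change).
echo "this shell: soft=$(ulimit -Su 2>/dev/null) hard=$(ulimit -Hu 2>/dev/null)"
```

To check a real system, pipe the actual file in, for example cat /etc/security/limits.conf | audit_nproc '*' 2000. Wildcard entries are not applied to root by pam_limits, and the script reports one literal domain rather than the full user and group precedence.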