How to protect Ubuntu from fork bomb


You can look into ulimit -a. On my system (Ubuntu 12.04), it gives:

$ ulimit -a
core file size (blocks, -c) unlimited
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 29951
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 29951
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited

When you look at "max user processes" (ulimit -u), you will see, that I can create at most 29951...

0 0

What is fork bomb attack?

The fork bomb attack is a form of denial-of-service attack which uses the fork functionality to recursively create running processes by a single process. This attack works by creating a large number of processes very quickly in order to saturate the available space of the OS’s process table. Once the process table becomes saturated, no new programs may start until another process terminates. Also, fork bomb processes will make use of the processor time and memory so that the legitimate processes will not be able to run properly. Fork bomb attack can occur in bash shell, C++, perl, python, etc.

Examples of fork bomb.

In this article, we will learn about a bash fork bomb and its working. Following is a well-known example of a fork bomb.

:(){ :|:& };:

We can see the functionality of the above 13 characters to see how it works as a fork bomb.

:() => This defines the function. “:” is the function name and the empty...

0 0

If you are not thrilled with the real bomb, you can try typing this :(){ :|:& };: on your Linux terminal to crash your computer. you do not need to be the root user to do that. That string is known as the Fork bomb. Before you get to know how that works, it would be better to know what a fork bomb does exactly.


The name sounds Fork bomb does not throw dining forks at you, when you executing the strings in terminal. In terms of nixology (Linux & Unix) the word fork means, to create a new process.Similarly, when you create a new process using ‘fork’ (actually a function that can be called on Linux/Unix-like machines), the new process is created from the image of the original one and is basically a inherited copy of the parent process.
A fork bomb will calls the fork function indefinitely and rapidly in no time, thus exhausting all system resources. It comes in the category of Denial of Service attack due to its nature of quickly...

0 0


Skip to questions, Wiki by user kees-cook

Ubuntu has many Security Features, and a Security Team dedicated to keeping users safe and up to date. Please feel free to get involved, or read through the Ubuntu Security FAQ.


Q: What is the difference between "gksudo nautilus" and "sudo nautilus"?

Tags: security (Next Q), sudo (Next Q), gksu (Next Q)

I've been using gksudo nautilus and sudo nautilus through Alt+F2.

What's the difference? They look very similar!

Tags: security (Next Q), sudo (Next Q), gksu (Next Q)

User: drkenobi

Answer by chris-wilson

Taken from here:

You should never use normal sudo to start graphical applications as root. You should use gksudo (kdesudo on Kubuntu) to run such programs. gksudo sets HOME=/root, and copies .Xauthority to a tmp directory. This prevents files in your home directory becoming owned by root.

Please note that this is primarily about...

0 0

I heard someone talking about a fork bomb, I did some research and found some dreadful information about some strange looking characters people can have you type at the command line and as a result do bad things on the computer. I certainly would not issue commands I do not understand but one never knows what can happen.

I heard that some OS allows the administrator to place some limit on user processes to mitigate the effects of fork bombs, is this protection in Ubuntu by default or would a person with sudo privilege have to set this? If so, how?

You can easily limit the amount of processes that can be spawned in Ubuntu and most other Linux distributions by modifying /etc/security/limits.conf

sudoedit /etc/security/limits.conf

Then add this line to the bottom of that file:

* hard nproc nnn


hard sets the limit at the kernel level so that it cannot be changed without rebooting. nproc is the maximum number of processes per user.

nnn is a...

0 0

Here is a simple way to crash your Linux system as a non-root user with a bash function called recursively.

$ :(){ :|:& };:

:() is a function which gets called recursively from its body and cannot be killed since it is running on the background with &. : is actually the name of the function.
Here is the same function call in human readable format:

forkbomb(){ forkbomb | forkbomb & }; forkbomb

As you can see the function is calling its self twice in the body. This will start consume all resources of your system and eventually force your Linux system to crash. To get more understanding type simple function on your command line. The following function is harmless:

$ fork_bomb(){ echo "FORK BOMB"; }; $ fork_bomb FORK BOMB

You can take same measures to ensure that your Linux users would not exploit fork bomb. Fork bomb is not a bug nor weakness of Linux system. The responsibility is in hands of systems administrators to limit number of processes available for...

0 0