HOME

TheInfoList



OR:

In computing, a fork bomb (also called rabbit virus or wabbit) is a
denial-of-service attack In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connect ...
wherein a
process A process is a series or set of activities that interact to produce a result; it may occur once-only or be recurrent or periodic. Things called a process include: Business and management * Business process, activities that produce a specific s ...
continually replicates itself to deplete available system resources, slowing down or crashing the system due to
resource starvation In computer science, resource starvation is a problem encountered in concurrent computing where a process is perpetually denied necessary resources to process its work. Starvation may be caused by errors in a scheduling or mutual exclusion algor ...
.


History

Around 1978, an early variant of a fork bomb called wabbit was reported to run on a
System/360 The IBM System/360 (S/360) is a family of mainframe computer systems that was announced by IBM on April 7, 1964, and delivered between 1965 and 1978. It was the first family of computers designed to cover both commercial and scientific applica ...
. It may have descended from a similar attack called RABBITS reported from 1969 on a Burroughs 5500 at the
University of Washington The University of Washington (UW, simply Washington, or informally U-Dub) is a public research university in Seattle, Washington. Founded in 1861, Washington is one of the oldest universities on the West Coast; it was established in Seattle ...
.


Implementation

Fork bombs operate both by consuming CPU time in the process of forking, and by saturating the
operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common daemon (computing), services for computer programs. Time-sharing operating systems scheduler (computing), schedule tasks for ef ...
's process table. A basic implementation of a fork bomb is an
infinite loop In computer programming, an infinite loop (or endless loop) is a sequence of instructions that, as written, will continue endlessly, unless an external intervention occurs ("pull the plug"). It may be intentional. Overview This differs from: ...
that repeatedly launches new copies of itself. In
Unix Unix (; trademarked as UNIX) is a family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, whose development started in 1969 at the Bell Labs research center by Ken Thompson, Dennis Ritchie, and ot ...
-like operating systems, fork bombs are generally written to use the fork
system call In computing, a system call (commonly abbreviated to syscall) is the programmatic way in which a computer program requests a service from the operating system on which it is executed. This may include hardware-related services (for example, ac ...
. As forked processes are also copies of the first program, once they resume execution from the next address at the
frame pointer In computer science, a call stack is a stack data structure that stores information about the active subroutines of a computer program. This kind of stack is also known as an execution stack, program stack, control stack, run-time stack, or mac ...
, they continue forking endlessly within their own copy of the same infinite loop; this has the effect of causing an exponential growth in processes. As modern Unix systems generally use a copy-on-write resource management technique when forking new processes, a fork bomb generally will not saturate such a system's memory.
Microsoft Windows Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for se ...
operating systems do not have an equivalent functionality to the Unix fork system call; a fork bomb on such an operating system must therefore create a new process instead of forking from an existing one. A classic example of a fork bomb is one written in
Unix shell A Unix shell is a command-line interpreter or shell that provides a command line user interface for Unix-like operating systems. The shell is both an interactive command language and a scripting language, and is used by the operating system to ...
:();:, possibly dating back to 1999, which can be more easily understood as: fork() fork In it, a function is defined (fork()) as calling itself (fork), then
piping Within industry, piping is a system of pipes used to convey fluids (liquids and gases) from one location to another. The engineering discipline of piping design studies the efficient transport of fluid. Industrial process piping (and accompan ...
(, ) its result to a background
job Work or labor (or labour in British English) is intentional activity people perform to support the needs and wants of themselves, others, or a wider community. In the context of economics, work can be viewed as the human activity that cont ...
of itself (&). The code using a colon : as the function name is not valid in a shell as defined by POSIX, which only permits alphanumeric characters and underscores in function names. However, its usage is allowed in
GNU Bash Bash is a Unix shell and command language written by Brian Fox for the GNU Project as a free software replacement for the Bourne shell. First released in 1989, it has been used as the default login shell for most Linux distributions. Bash was o ...
as an extension. The first formulation of the Unix shell fork bomb has been proposed as an anonymous art work.


Prevention

As a fork bomb's mode of operation is entirely encapsulated by creating new processes, one way of preventing a fork bomb from severely affecting the entire system is to limit the maximum number of processes that a single user may own. On Linux, this can be achieved by using the ''ulimit'' utility; for example, the command ulimit -u 30 would limit the affected user to a maximum of thirty owned processes. On PAM-enabled systems, this limit can also be set in /etc/security/limits.conf, and on FreeBSD, the system administrator can put limits in /etc/login.conf. Modern Linux systems also allow finer-grained fork bomb prevention through
cgroups cgroups (abbreviated from control groups) is a Linux kernel feature that limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, network, etc.) of a collection of processes. Engineers at Google started the work on this ...
and process number (PID) controllers.{{cite web , date=2019-10-08 , title=Process Number Controller in Documentation/ as appeared in Linux kernel 5.3 , url=https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/pids.html , access-date=October 8, 2019 , archive-date=October 8, 2019 , archive-url=https://web.archive.org/web/20191008121821/https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/pids.html , url-status=live


See also

*
Deadlock In concurrent computing, deadlock is any situation in which no member of some group of entities can proceed because each waits for another member, including itself, to take action, such as sending a message or, more commonly, releasing a l ...
*
Logic bomb A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files (such as a sala ...
*
Time bomb (software) In computer software, a time bomb is part of a computer program that has been written so that it will start or stop functioning after a predetermined date or time is reached. The term "time bomb" does not refer to a program that stops functioning ...


References

{{Reflist


External links

* {{GitHub, aaronryank/fork-bomb, Fork bomb examples {{DEFAULTSORT:Fork bomb Denial-of-service attacks Process (computing)