Shell – Executing a “fork bomb” safely

cgroupslinuxshell

We've all seen the "fork bomb" that will render a host non-responsive, even if executed in an unprivileged shell:

Warning: Do not execute the following shell script. Just don't.

:(){ :|:& };:

I'm also aware of cgroups, the Linux kernel-level process grouping structure that can assign "controllers" to limit memory, CPU consumption, I/O scheduling priority, etc.

Theoretically, it should be possible to use this control mechanism to allow a user to execute a fork bomb in their own shell without it bringing the host system to a crawl.

Since I'm not really aware of how a fork bomb consumes resources, I'm not sure how to use cgroups to do this.

Best Answer

As far as I'm concerned, I think cgroups would be overkill here. However, I tend to use ulimit whenever I run something witk a fork system call in it (bad experiences made it a habit...) :

$ ulimit -u 2500
$ ./mypotentiallydeadlyprogram

This way, I put a 2500 processes limit on my current shell. Thanks to this, my fork calls will end up failing if they get too numerous, hence preventing the system from going down, and allowing me to furiously hit Ctrl + C.

On my machine, I find 2500 to be a good limit, but you might want to increase/decrease this value according to what your machine can take, and how far you want your fork bomb to go. Also remember that your machine needs to spawn things to survive, don't suffocate it. I have seen people writing this in their ~/.bashrc, therefore restricting even their session's main bash. While this was very funny to the sysadmin, the user was very unhappy to freeze after login.

While ulimit can be used to set up a temporary limit, you can set something more permanent if you have root access (and want to enforce the limit on specific users). This can be done through /etc/security/limits.conf:

# <domain>      <type>      <item>      <value>
youruser        soft        nproc       2500
youruser        hard        nproc       2750

In the above setup, youruser has got a soft limit of 2500 processes (max. 2750). This file allows you to set up various kinds of limits, for various entities on your system (users, groups, ...). Have a look at its documentation if you need more information. Note however that this is system-wide configuration, which means that this limit isn't applied per-shell for youruser.

By the way, /proc/sys/kernel/pid_max will contain the maximum PID which can be granted by your kernel. Since PIDs are reusable, you may consider this really close from your maximum number of processes.

Related Solutions

Fork Bomb Analysis – Where is the fork() in ‘:(){ :|: & };:’?

As a result of the pipe in x | y, a subshell is created to contain the pipeline as part of the foreground process group. This continues to create subshells (via fork()) indefinitely, thus creating a fork bomb.

$ for (( i=0; i<3; i++ )); do
>     echo "$BASHPID"
> done
16907
16907
16907
$ for (( i=0; i<3; i++ )); do
>     echo "$BASHPID" | cat
> done
17195
17197
17199

The fork does not actually occur until the code is run, however, which is the final invocation of : in your code.

To disassemble how the fork bomb works:

:() - define a new function called :
{ :|: & } - a function definition that recursively pipes the calling function into another instance of the calling function in the background
: - call the fork bomb function

This tends to not be too memory intensive, but it will suck up PIDs and consume CPU cycles.

Bash – How to stop Fork Bomb out of memory error – RHEL 6

Is there anyway to stop this without rebooting the machine?

It's not quite impossible, and you can do it via luck -- i.e., you manage to kill all the processes before another one is spawned.¹ But you have to get very very lucky, so it is not a reliable or worthwhile effort [maybe slm is luckier than me here, lol -- TBH I haven't tried that hard]. If you play around with priorities, your chances could improve (see man nice), although I suspect this will also mess with the efficacy of the fork bomb.

A better idea might be to use one that times out. For an example in C, see footnote number 5 to my answer here.² You can do the same thing with a shell script, albeit would not be as short as :(){ :|:& };::

#!/bin/bash

export fbomb_duration=$1
export fbomb_start=$(date +%s)

go () {
    now=$(date +%s)
    if [[ $(($now-$fbomb_start)) -gt $fbomb_duration ]]
        then exit 0;
    fi
    go &
}

while ((1)); do
    go
done

Execute that with one argument, a number of seconds. All forks will die after that time.

¹ In fact, it can happen all on its own, eventually, if the kernel OOM killer gets lucky. But don't hold your breath.

² The method used there to hamstring that particular bomb (by setting vm.overcommit_memory=2) will almost certainly not work in general, but you could try. I'm not since I'd like to leave my system running for now ;)

Best Answer

Related Solutions

Fork Bomb Analysis – Where is the fork() in ‘:(){ :|: & };:’?

Bash – How to stop Fork Bomb out of memory error – RHEL 6

Related Question