How a 13-Character Fork Bomb Crashes Linux and How to Prevent It

In 2002 Jaromil designed an extremely compact Linux fork bomb consisting of only 13 characters. When executed, it defines a function and recursively spawns processes, quickly exhausting system resources and causing the system to crash.

Because the function keyword can be omitted in the shell, the 13 characters represent a function definition and its invocation. The core payload is

:

|: &

, which recursively forks processes via background execution and pipes, causing geometric growth of processes.

Running the bomb on a 2 GB cloud VM demonstrates the effect: after a few seconds the system reports -bash: fork: Cannot allocate memory and becomes unresponsive, requiring a forced reboot.

The fork bomb creates a denial‑of‑service condition by exhausting CPU and memory, and it can be launched without root privileges.

Prevention can be achieved by limiting the number of processes a user may create. Using ulimit -a shows the current limits, and setting ulimit -u 20 restricts a user to 20 processes. For a permanent solution, add a line such as ubuntu - nproc 20 to /etc/security/limits.conf. After applying the limit, the bomb fails with -bash: fork: retry: No child processes, indicating the restriction is effective.

Reference: http://en.wikipedia.org/wiki/Fork_bomb