BestHub
Sign in
Information Security 6 min read

How a 13‑Character Fork Bomb Crashes Linux and How to Stop It

The article explains the 13‑character fork bomb created by Jaromil in 2002, shows how it exhausts system resources by recursively forking processes, demonstrates its impact on a cloud VM, and provides practical prevention methods using ulimit and limits.conf.

Liangxu Linux
Liangxu Linux
Liangxu Linux
How a 13‑Character Fork Bomb Crashes Linux and How to Stop It

Minimal Linux Fork Bomb

The smallest known fork bomb for Linux consists of only 13 characters. When executed in a POSIX‑compatible shell it creates an exponential number of processes until the kernel can no longer allocate resources, causing the system to become unresponsive and typically requiring a reboot. :() { :|:& };: This one‑liner defines a shell function named :. The function calls itself ( :) and pipes its own output back into itself ( |) while the trailing & runs each invocation in the background. Each iteration spawns two new processes, leading to geometric growth of the process tree.

Readable Formatting

:()
{
  :|:&
};
:

Using a more descriptive name makes the intent clearer:

bomb()
{
  bomb|bomb&
}
 bomb

Demonstration on a Cloud VM

Running the bomb on a 2 GB virtual machine quickly exhausts the process table. After a few seconds the shell reports: -bash: fork: Cannot allocate memory Because the VM is isolated, the only recovery method is to power‑cycle the instance from the provider’s console.

Impact of a Fork Bomb

A fork bomb creates a denial‑of‑service (DoS) condition from within the host. Unlike network‑based DoS attacks, it consumes CPU time and kernel memory by spawning processes, and it can be launched by any unprivileged user.

Mitigation Using ulimit

The standard Linux protection is to limit the number of processes a user may create. The ulimit builtin shows the current limits: ulimit -a Among the displayed values, the -u (max user processes) entry controls process creation. Setting a lower value prevents the bomb from spawning unlimited processes, e.g.: ulimit -u 20 This change affects only the current shell session. To make it permanent, add a line to /etc/security/limits.conf (replace username with the actual account name): username - nproc 20 After logging out and back in, the new limit is enforced. Attempting to run the bomb now yields: -bash: fork: retry: No child processes indicating that the kernel has blocked further process creation.

Fork Bomb in Other Languages

The same principle can be expressed in other programming languages. A minimal Python version is:

import os
while True:
    os.fork()

Reference

For additional background, see the Wikipedia article on fork bombs: http://en.wikipedia.org/wiki/Fork_bomb

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

linuxShellulimitfork bombDoS
Liangxu Linux
Written by

Liangxu Linux

Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc. (Reply “Linux” to receive essential resources.)

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment