How a 13‑Character Fork Bomb Crashes Linux and How to Stop It

Minimal 13‑Character Fork Bomb

In 2002 Jaromil created a 13‑character fork bomb for Linux that, when executed, recursively spawns processes until the system runs out of resources and crashes. :(){ :|:& };: Because the function keyword can be omitted in Bash, the code defines a function named : that calls itself ( :) and pipes its output to a background process ( &), causing exponential process growth.

Demonstration

Running the bomb on a 2 GB cloud VM quickly exhausts memory, producing the error -bash: fork: Cannot allocate memory and rendering the server unresponsive.

Impact

The fork bomb creates a denial‑of‑service condition without requiring root privileges, making it a potent threat if executed on production servers.

Mitigation

A Python equivalent demonstrates the same principle:

import os
while True:
    os.fork()

On Linux you can limit the number of processes a user may create with ulimit. For example, ulimit -u 20 caps the process count at 20. To make the limit persistent, add a line such as username - nproc 20 to /etc/security/limits.conf.

After applying the limit, attempting to run the bomb results in -bash: fork: retry: No child processes, indicating the system has successfully blocked the attack.

References

Wikipedia: http://en.wikipedia.org/wiki/Fork_bomb

Author: saymagic blog.saymagic.cn/2015/03/25/fork-bomb.html