Fork Bomb
What is Fork Bomb?
Fork Bomb: A denial-of-service technique in which a process repeatedly forks itself, exhausting process tables, memory, and CPU on the host.
A fork bomb is malicious or accidental code that spawns child processes recursively, doubling on each cycle until kernel limits, memory, or CPU are saturated and the system becomes unresponsive. The classic POSIX one-liner `:(){ :|:& };:` illustrates the pattern: a function named `:` calls two copies of itself, joined by a pipe, and runs them in the background. Fork bombs do not propagate over networks like worms; they are localized, but very effective on multi-user hosts and CI runners. Mitigations include per-user process limits (`ulimit -u`, cgroups, PAM `pam_limits`), the Linux cgroup PIDs controller, account isolation, sandboxes for untrusted code, and rate-limiting of spawn syscalls.
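An added example, not part of the original entry: a Python audit of two of the mitigations listed above, the `pam_limits` `nproc` entries in `limits.conf` and a cgroup v2 `pids.max` value. The sample inputs are constructed, and the function names and the 4096 ceiling are assumptions chosen for illustration.

```python
# Added example: audit pam_limits nproc entries and a cgroup v2 pids.max value.
UNLIMITED = {"unlimited", "infinity", "-1"}  # limits.conf spellings of "no limit"
CEILING = 4096  # assumed policy threshold, not a value from the entry

# Constructed sample of /etc/security/limits.conf: <domain> <type> <item> <value>
SAMPLE_LIMITS = """\
# constructed sample, not from a real host
*      soft  nproc   1024
*      hard  nproc   2048
@ci    hard  nproc   unlimited   # CI runner group
build  -     nproc   65536
*      hard  nofile  4096
"""

def parse_nproc(limits_conf):
    """Map each domain to its hard nproc limit (None means unlimited)."""
    hard = {}
    for raw in limits_conf.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) != 4:
            continue  # blank line, comment, or malformed entry
        domain, kind, item, value = fields
        # Only "hard" (or "-", which sets both) bounds the user: a soft limit
        # can be raised again from the shell with ulimit -u.
        if item == "nproc" and kind in ("hard", "-"):
            hard[domain] = None if value in UNLIMITED else int(value)
    return hard

def audit(limits_conf, pids_max, ceiling=CEILING):
    """Return findings for missing, unlimited, or oversized process caps."""
    findings = []
    hard = parse_nproc(limits_conf)
    if not hard:
        findings.append("limits.conf: no hard nproc limit for any domain")
    for domain, limit in hard.items():
        if limit is None:
            findings.append(f"limits.conf: {domain} nproc is unlimited")
        elif limit > ceiling:
            findings.append(f"limits.conf: {domain} nproc {limit} > {ceiling}")
    value = pids_max.strip()  # contents of a cgroup v2 pids.max file
    if value == "max":
        findings.append("cgroup: pids.max is 'max', no cap on this cgroup")
    elif int(value) > ceiling:
        findings.append(f"cgroup: pids.max {value} > {ceiling}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LIMITS, "max\n"):
        print(finding)
```

Wildcard and group entries in `limits.conf` are not applied to the root user, so a clean result here says nothing about processes running as root; the cgroup `pids.max` cap covers those.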
● Examples
- 01: The bash one-liner `:(){ :|:& };:` used as a textbook DoS demonstration.
- 02: Buggy CI scripts that accidentally fork inside an infinite loop.
● Frequently asked questions
What is Fork Bomb?
A denial-of-service technique in which a process repeatedly forks itself, exhausting process tables, memory, and CPU on the host. It belongs to the Malware category of cybersecurity.
How do you defend against Fork Bomb?
Defences for Fork Bomb typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Fork Bomb?
Common alternative names include: Wabbit, Rabbit virus.