Jump to content

Talk:Fork bomb

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Cdwn (talk | contribs) at 23:05, 15 October 2012 (Readdition of unreferenced "defusal" section: new section). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

WikiProject iconComputing: Security Unassessed
WikiProject iconThis article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
???This article has not yet received a rating on Wikipedia's content assessment scale.
???This article has not yet received a rating on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computer Security.


Java Applet example

I do not think the Java Applet example is a fork bomb: 1) It does not spawn processes. 2) Even if you are liberal and define a "new thread" to count as a "new process", this example's new threads do not spawn new threads themselves, which is the signature "forking" element of the fork bomb. It is my opinion that this example is designed to deny CPU cycles rather than deny process table entries and/or thread handles. I intend to remove this example in a month or so, unless someone can convince me that this code really does represent a fork bomb. -MC (talk) 05:01, 24 July 2010 (UTC)[reply]

On Windows with older VM's new processes are spawned as opposed to threads. I'll change the example to its modern equivalent this week as the example is now outdated. You are correct in assuming that on some hosts it may act as a local DOS on the CPU. KingOverload (talk) 07:11, 10 August 2010 (UTC)[reply]
A larger issue is that the program doesn't actually exhibit forking behavior, which is a key element of a fork bomb. When a fork bomb spawns a new process/thread, that new process/thread should spawn a new process/thread, and etc. In this example, the spawned threads do not spawn new threads, but rather sit in a tight loop (presumably to achieve CPU starvation as quickly as possible.) I understand that introducing forking to the example quickly leads to OutOfMemoryExceptions, which makes the example ineffectual as an denial of service attack. However, if I had to choose between two examples: one exhibits correct forkbombing logic, but does not effectively deny service, and the another that effectively denies service but that has pseudo-forkbomb logic, I would opt for correctness of fork bomb logic over effectiveness of denial of service. -MC (talk) 03:12, 14 August 2010 (UTC)[reply]


Can anyone prevent a fork bomb in windows? If so please put it on the main page —Preceding unsigned comment added by 79.97.217.123 (talk) 00:10, 28 November 2008 (UTC)[reply]


I got here from wabbit but this is not explained. Can someone please do so! --HappyDog 17:12, 31 Jan 2004 (UTC)

Fixed. Better late than never :) Sietse 12:47, 28 Sep 2004 (UTC)
The fork bomb in windows batch file made my computer crash, very interesting. I don't know how it works though should that be added? Jasonxu98 (talk) 00:28, 10 November 2010 (UTC)[reply]

Why the "%0|%0" windows example was removed (by Andrew Hampe)? Is it not the most concise example for the windows platform and worth including? --LKRaider (talk) 12:41, 10 December 2007 (UTC)[reply]

Yo right, it's back... --213.220.241.158 (talk) 15:14, 17 January 2008 (UTC)[reply]
It's not necessary to make the fork bomb work, so why is it there? Skootles (talk) 02:47, 4 January 2009 (UTC)[reply]
And as Windows (DOS) processes pipes single-threadedly, the remainder of the pipe waiting for the previous processes to exit before launching the next step, "%0|%0" will actually only have a single thread running at any time. 131.207.223.232 (talk) 06:44, 11 March 2009 (UTC)[reply]
That's not exactly true. "%0|%0" has entirely different effects on DOS and Windows. DOS is a single task operating system - basically it's always running one thread, the operating system by itself doesn't implement any scheduling. On DOS, "%0|%0" does what you said, it just puts the computer in a single-thread infinite loop. On Windows, however, "%0|%0" really implements a fork bomb, because the OS executes the 2 commands simultaneously; the 2nd process will be only suspended, if it tries to read from the standard input, while the 1st process haven't produced any standard output yet. For a proof, type: "notepad | notepad" - two Notepads will open at a time, and both will be fully operational. If you were right, the 2nd Notepad should only open after the 1st one gets closed.
Anyway, the DOS example should be really removed, because fork bombs only work on OS-es those implement at least preemptive multitasking. --MegaBrutal (talk) 18:02, 12 January 2011 (UTC)[reply]



Why do you include two versions in perl? Both of them are in fact the same. 89.77.174.218 (talk) 09:40, 27 February 2008 (UTC)[reply]


Article mentions that bash fork bomb was created by Jaromil in 2002. I was able to find posts of a polish white hat - lcamtuf from 1999 in usenet, in which he had this fork bomb in his signature. Necc (talk) 17:25, 13 March 2008 (UTC)[reply]

If you can cite a source of this update the page ;) You might want to tell Jaromil too! - MattOates (Ulti) (talk) 18:54, 13 March 2008 (UTC)[reply]

It doesn't say that he came up with that piece of code. I just remember him having it a long time ago before apparently it was invented :] Here's an example, although you can find it in most of his emails from that period: http://groups.google.co.uk/group/muc.lists.bugtraq/browse_thread/thread/87d51562dd3599a/044c5404a9860dd4 Necc (talk) 20:12, 17 March 2008 (UTC)[reply]

Hi there its interesting to note that the forkbomb circulated before I've published it as an art-piece and I love to acknowledge that whenever I'm presenting it, however after a recent edit that whole lot of story about this forkbomb getting into the art-scene has disappeared http://en.wikipedia.org/w/index.php?title=Fork_bomb&diff=478538756&oldid=478067768 I think this is sad, I've always found it relevant to inform people that code can also be art and poetry and this way there is no more trace of this rather unique episode. also the articles on Software art and Net art are not mentioning it. As an artist I kindly ask to be quoted when my artwork is presented, nevertheless thats not a requirement for you here. so well, do as you like, I'm enough of a target on my page being called autobiography all the way, just sayin'. thanks, ciao jaromil (talk) 16:53, 25 July 2012 (UTC)[reply]

The Erlang fork bomb should be removed; the processes created by Erlang are restrained to the virtual machine and only dispatched and load balanced by the VM itself. They're NOT OS level threads. Hitting the limit of Erlang processes will thus only crash the Erlang VM and will not influence anything else. I believe the example should be removed, as it's misleading and doesn't fit the definition. —Preceding unsigned comment added by Mononcqc (talkcontribs) 16:35, 19 April 2009 (UTC)[reply]

The bash fork bomb cure does not work...

I tried it both before and after fork bombing. It just says: -bash: !: event not found

One of the examples under the defuse section is just completely wrong. The dot (.) command does NOT "call the current directory", it's an alias for the built-in "source" command. Seriously, people should test these examples. Also, people who haven't got a clue should avoid making things up in their haste to appear smart.

What is actually the '!'? —Preceding unsigned comment added by Ehasl (talkcontribs) 20:11, 25 April 2008 (UTC)[reply]

The syntax "&!" in zsh disowns (i.e., avoids job control) on the new child process. This is necessary to avoid overflowing the shell's job control tables. With bash, you can use "... & disown" instead.


Getting rid of a forkbomb on Linux systems even if the process table is full is possible. 1. Press Ctrl+Alt+F1. After a while you should see the login: prompt (if something else is there use Ctrl+Alt+F2 etc until you find one) 2. Login as root. Once again, this might take awhile 3. Issue kill -9 -1. This might take a while again but once it is done, the forkbomb is dead, as is everything else 4. issue init 1 followed by init 5 to restart system services —Preceding unsigned comment added by 64.139.38.226 (talk) 23:22, 11 August 2008 (UTC)[reply]

While a forkbomb is running

Should Wikipedia include what errors, etc. come up during a fork bomb? IE: Windows Command Line in Vista states that "The process tried to write to a nonexistent pipe." This usually occurs late in the fork bomb. 24.183.100.243 (talk) 02:24, 20 January 2009 (UTC)[reply]

Neither it works in Windows 7 also:

C:\Users\Dyr>:s C:\Users\Dyr>start %0
Не удается найти файл %0.

C:\Users\Dyr>goto :s

C:\Users\Dyr>%0|%0
"%0" не является внутренней или внешней командой, исполняемой программой или пакетным файлом.

C:\Users\Dyr>
--217.119.16.26 (talk) 12:21, 6 April 2010 (UTC)[reply]

This doesn't apply to Windows at all. Get a real OS. — Preceding unsigned comment added by 217.42.5.13 (talk) 06:45, 12 March 2012 (UTC)[reply]

How-to tagging

Removed the how-to tag, these are elegant examples that aid description, programming is about instruction it is an unavoidable consequence that this resembles a how to. You would not stigmatise an arts page as how-to because they have a gallery of examples. I agree its got a bit out of hand on this page with the fanboy attitude of adding every language under the sun :S but deciding what languages are significant is another story. MattOates (Ulti) (talk) 08:04, 3 June 2009 (UTC)[reply]

Why are examples included

I know that Fork Bombs are relatively harmless since they can be terminated through a log off, or a reboot, but is it really a good thing to produce so many examples of them on this one page. It just seems like any sort of malicious code, virus, or bomb should not be posted in a place like this. 143.112.32.4 (talk) 20:53, 5 January 2010 (UTC)[reply]

i agree what if terrist git this kode and bomb murrica!!!! —Preceding unsigned comment added by 86.42.170.162 (talk) 19:45, 12 February 2010 (UTC)[reply]

The NASM assembly example

Why do you push and pop from the stack? Isn't this better?

section .text

global _start

_start:

mov eax,2
int 0x80
jmp _start

? —Preceding unsigned comment added by 85.167.25.91 (talk) 14:51, 2 July 2010 (UTC)[reply]

Memory hogging?

Don't most fork bombs allocate each process memory with Malloc or whatever language specific memory allocation function that language uses? So shouldn't the C/C++ examples malloc themselves, I don't know, 100 MB?Mmavipc (talk) 05:55, 2 September 2010 (UTC)[reply]

I removed most of the stuff about this since pretty much every operating system implementation uses copy on write nowadays. Cdwn (talk) 14:43, 26 September 2012 (UTC)[reply]

bash broke the classic bomb

The classic ":(){ :|:& };:" bomb doesn't seem to work on newer bash versions anymore - it gives a syntax error. --187.15.115.138 (talk) 18:10, 25 September 2010 (UTC)[reply]

':' is a Bash builtin synonymous to true. That definition overrides it (though you can still access it with "command"). Not sure why you would pick : as the function name but it probably isn't a very good idea. For some reason that name is the canonical definition for this recursive forkbomb but might break on some configurations. Ormaaj (talk) 22:56, 3 February 2011 (UTC)[reply]
: is not synonymous with true, it is a noop that just happens to return true. Cdwn (talk) 02:35, 19 September 2012 (UTC)[reply]
Please see man true. true is a command, which always returns exit code 0 (success). : is a builtin doing exactly the same. Nyh (talk) 21:38, 20 September 2012 (UTC)[reply]
If you are using bash, the manual page does not document the version of true that you are probably using, as true is also a shell builtin. Compare strace bash -c : and strace bash -c true; they do not perform the same internally. Either way, my intention was only to correct a factual inaccuracy, not engage in pedantry over function vs. form (or the meaning of what it is to be "synonymous"...). Cdwn (talk) 14:22, 26 September 2012 (UTC)[reply]

Minor

I removed the M forkbomb, because it was wrong. A real one would look like this:

f f j f

but I think that the whole examples section is OR, so I'm just going to leave it out. 24.177.120.138 (talk) 07:50, 17 April 2011 (UTC)[reply]

The Lisp version is single threaded

And it should probably be referred to as common lisp, rather than just lisp. It can't be made multi-threaded, let alone multi-process, as forking and threading are undefined in the standard. Maybe it should be deleted or changed to an implementation dependent version? —Preceding unsigned comment added by 138.37.91.30 (talk) 16:14, 26 April 2011 (UTC)[reply]

ABAP Version

ABAP Version was just an infinite loop and not a fork bomb. Given the fixed number of process slots Netweaver has with a roll-in/roll-out mechanism a forkbomb does not quite make sense - it would not bring the system completely to its knees, it would just drastically degrade performance. I guess a semi fork-bomb can be made using CALL FUNCTION .. IN BACKGROUND TASK. — Preceding unsigned comment added by 41.185.97.170 (talk) 09:07, 22 September 2011 (UTC)[reply]

"In general C++..."

I will be editing this because it doesn't use any functions or syntax specific to C++, and also it uses the C standard library to actually use the system() function. Also, I have general issues with it: I'm not sure it's a proper fork bomb as it consumes one thread and only one of the processes is using the CPU; all the others appear to be idle. None daemonise from the calling shell. --Adamd1008 (talk) 18:14, 7 October 2011 (UTC)[reply]

Defusing: Citation needed

Apparently, in testing on twelve different systems here (old systems i didnt mind imploding), defusing the fork bomb as mentioned in the section where the fork bomb is this:

:(){ :|: & };:

does not work. This was posed as a solution:

:(){ . & };

***This does not work***. -- TrekCaptainUSA (without login, due to a bug in the web browser being used)

Misleading graphic

The graphic in the intro doesn't represent a canonical fork bomb properly, it represents one using wait(), which doesn't make any sense. The graphic should probably be fixed to actually represent what a canonical fork bomb looks like. Cdwn (talk) 02:33, 19 September 2012 (UTC)[reply]

Actually, it doesn't even look like one using wait()... if the intention is to demonstrate the exponential nature of a fork bomb, this is a good graphic, but in terms of actual accuracy it is somewhat lacking. Cdwn (talk) 04:35, 27 September 2012 (UTC)[reply]

Removing/making examples section more terse

Is it really a good idea to have a vast "examples" section? I see them only in other articles that describe features that are programming language related, but a fork bomb is not a programming feature, it's a computing phenomena. If there are no objections, I would seek to remove it, and replace it with descriptive pseudocode. Cdwn (talk) 14:34, 26 September 2012 (UTC)[reply]

I've removed the section in question and replaced it with generalised implementation details. Cdwn (talk) 03:31, 27 September 2012 (UTC)[reply]

Original research in "Defusing" section

The whole "Defusing" section appears to be original research. I'll try and find some references and clean it up, but otherwise failing that I'll just remove it. Cdwn (talk) 14:46, 26 September 2012 (UTC)[reply]

I've removed it. Cdwn (talk) 18:29, 27 September 2012 (UTC)[reply]

Prevention section is highly Unix-biased

Ideally there should also be information about fork bomb prevention on other common systems (Windows in particular). I didn't find any good references on the subject after a quick skim, but I'll keep on looking. Cdwn (talk) 18:30, 27 September 2012 (UTC)[reply]


Comment from user

well done for messing up a good page from a user. you are so fail. — Preceding unsigned comment added by 86.148.12.80 (talk) 15:05, 1 October 2012 (UTC)[reply]

Assuming that you're talking to me, since I have been the only one working on this article in the past few weeks. I can only apologise if what I've done has in your view detracted from the quality of the article. This has been my first "serious" attempt at editing on Wikipedia in a long time, so it is entirely possible that I may have missed a few things or got some things wrong. There was quite a large amount of unreferenced content, and after a lot of searching I couldn't find any references for them, so one of the major things that I have done is removed large quantities of unreferenced original research; perhaps this is what you're referring to. If you can find some reliable references for the content, I would highly encourage you to readd the content with those attached. Otherwise, if it was something else that I did which negatively impacted on your view of this article, please let me know and I'll do my best to rectify it where possible. — cdwn 20:36, 4 October 2012 (UTC)[reply]

Readdition of unreferenced "defusal" section

A few weeks ago, I removed unreferenced content in the form of a "defusal" section in the article (see here). This content was today readded by another editor. Does my original removal under WP:OR seem appropriate? Would there be further objections to the re-removal of the content? — cdwn 23:05, 15 October 2012 (UTC)[reply]