科技行者

行者学院 转型私董会 科技行者专题报道 网红大战科技行者

知识库

知识库 安全导航

至顶网安全频道Linux fork炸弹及其预防

Linux fork炸弹及其预防

  • 扫一扫
    分享文章到微信

  • 扫一扫
    关注官方公众号
    至顶头条

  在Linux系统下执行这段代码 :(){ :|:& };: 就会引起死机,一旦执行起来后,唯一的方法就是重启系统。实际上这段代码是一段无限递归代码,将系统资源耗尽。

来源:zdnet整理 2011年7月3日

关键字: 系统安全 linux安全

  • 评论
  • 分享微博
  • 分享邮件

  在Linux系统下执行这段代码 :(){ :|:& };: 就会引起死机,一旦执行起来后,唯一的方法就是重启系统。实际上这段代码是一段无限递归代码,将系统资源耗尽。

  本文下面有这段代码的详细解释,为了防止fork炸弹,方法就是限制用户能够启动的进程数。具体做法,编辑/etc/security/limits.conf文件,在末尾加入 :

  * hard nproc 200

  将用户的进程数限制为200,经过测试,root账户不受这个限制。

  Q. Can you explain following bash code or bash fork() bomb?

  :(){ :|:& };:

  A. This is a bash function. It gets called recursively (recursive function). This is most horrible code for any Unix / Linux box. It is often used by sys admin to test user processes limitations (Linux process limits can be configured via /etc/security/limits.conf and PAM).

  Once a successful fork bomb has been activated in a system it may not be possible to resume normal operation without rebooting, as the only solution to a fork bomb is to destroy all instances of it.

  WARNING! These examples may crash your computer if executed.

  Understanding :(){ :|:& };: fork() bomb code

  :() - It is a function name. It accepts no arguments at all. Generally, bash function is defined as follows:

  foo(){

  arg1=$1

  echo ''

  #do_something on $arg argument

  }

  fork() bomb is defined as follows:

  :(){

  :|:&

  };:

  :|: - Next it call itself using programming technique called recursion and pipes the output to another call of the function ':'. The worst part is function get called two times to bomb your system.

  & - Puts the function call in the background so child cannot die at all and start eating system resources.

  ; - Terminate the function definition

  : - Call (run) the function aka set the fork() bomb.

  Here is more human readable code:

  bomb() {

  bomb | bomb &

  }; bomb

  Properly configured Linux / UNIX box should not go down when fork() bomb sets off.

    • 评论
    • 分享微博
    • 分享邮件
    邮件订阅

    如果您非常迫切的想了解IT领域最新产品与技术信息,那么订阅至顶网技术邮件将是您的最佳途径之一。

    重磅专题
    往期文章
    最新文章