Linux fork炸弹及其预防方法

　　在Linux系统下执行这段代码 :{ :|:& };： 就会引起死机，一旦执行起来后，唯一的方法就是重启系统。实际上这段代码是一段无限递归代码，将系统资源耗尽。

　　本文下面有这段代码的详细解释，为了防止fork炸弹，方法就是限制用户能够启动的进程数。具体做法，编辑/etc/security/limits.conf文件，在末尾加入 ：

　　* hard nproc 200

　　将用户的进程数限制为200，经过测试，root账户不受这个限制。

　　Q. Can you explain following bash code or bash fork() bomb?

　　:{ :|:& };:

　　A. This is a bash function. It gets called recursively (recursive function). This is most horrible code for any Unix / Linux box. It is often used by sys admin to test user processes limitations (Linux process limits can be configured via /etc/security/limits.conf and PAM).

　　Once a successful fork bomb has been activated in a system it may not be possible to resume normal operation without rebooting, as the only solution to a fork bomb is to destroy all instances of it.

　　WARNING! These examples may crash your computer if executed.

　　Understanding :{ :|:& };: fork() bomb code

　　: - It is a function name. It accepts no arguments at all. Generally, bash function is defined as follows:

　　foo(){

　　arg1=

　　echo ''

　　#do_something on $arg argument

　　}

　　fork() bomb is defined as follows:

　　:{

　　:|:&

　　};:

　　:|: - Next it call itself using programming technique called recursion and pipes the output to another call of the function ':'. The worst part is function get called two times to bomb your system.

　　& - Puts the function call in the background so child cannot die at all and start eating system resources.

　　; - Terminate the function definition

　　: - Call (run) the function aka set the fork() bomb.

　　Here is more human readable code:

　　bomb() {

　　bomb | bomb &

　　}; bomb

　　Properly configured Linux / UNIX box should not go down when fork() bomb sets off.