Fork Bomb

Arpit Bhayani

entrepreneur, educator, and tinkerer

In this essay, we explore a simple yet effective DoS attack called Fork Bomb, also called Rabbit Virus. This attack forks out processes infinitely, starving them for any resources.

Online Coding Platforms and Code Evaluators are susceptible to this attack as they accept raw code from the user and execute it. So, if you are building one, do ensure you are protected against it and infinite loops. We will also discuss how to prevent and defend against Fork Bomb in the final section of this essay.

How do they work?

Fork bombs can be summarized in just three words: Fork until possible. When executed, fork bombs continuously fork out non-terminating processes, demanding machine resources like CPU (mostly) and memory.

Fork Bomb

With so many processes competing for the CPU and other resources (if provisioned), the scheduler and CPU are put under tremendous load. After a specific limit, the entire system stalls.

Implementing Fork Bombs

Before we take a look at how to prevent or stop a Fork Bomb, let’s look at something more interesting - how to implement a Fork Bomb?

A quick detour, let’s see what fork does: Upon every invocation, the forked child process is an exact duplicate of the parent process except for a few details, but nonetheless what matters to us is that it runs the exact same code as the parent.

C implementation

A simple C implementation of a Fork Bomb could be, to fork child processes within an infinite for loop, resulting in exponential forking of child processes.

#include <unistd.h>
int main(void) {
    for (;;) {

With the fork being invoked inside the infinite for loop, every single child process and the parent process will continue to remain stuck in the infinite loop while continuously forking out more and more child processes that execute the same code and stuck in the same loop; and thus resulting in exponential child forks.

These child processes start consuming the resources and blocking the legitimate programs. This prevents the creation of any new processes. This also freezes the process that responds to Keystrokes, putting the entire system to a standstill.

Bash implementation

There is a very famous Fork Bomb implementation in Bash, and the code that does this has no alphabets or numbers in it, just pure symbols.

:(){ :|:& };:

Although the shell statement looks gibberish, it is effortless to understand. In the statement above, we are defining a function named : having body :|:& and at the end invoking it using the name :, just like any usual shell function.

As part of the function body, we are again invoking the same function : and piping its output to the input of a background process executing another instance of :. This way, we are recursively invoking the same function (command) and stalling it by creating a pipe between the two.

A cleaner way to redefine this very implementation of Fork Bomb would be

bomb() { 
    bomb| bomb& 

How to prevent them?

To protect our system against Fork Bombs, we can cap the processes owned by a certain user, thus blocking process creation at that cap.

Using the *nix utility called ulimit, we can set the maximum number of processes that a user can execute in the system, using the flag -u. By setting this value to an appropriate (lower) value, we can cap the process creation for a user, ensuring we can never be fork bombed by that user.


Courses I teach

Alongside my daily work, I also teach some highly practical courses, with a no-fluff no-nonsense approach, that are designed to spark engineering curiosity and help you ace your career.

System Design Masterclass

A no-fluff masterclass that helps experienced engineers form the right intuition to design and implement highly scalable, fault-tolerant, extensible, and available systems.

Details →

System Design for Beginners

An in-depth and self-paced course for absolute beginners to become great at designing and implementing scalable, available, and extensible systems.

Details →

Redis Internals

A self-paced and hands-on course covering Redis internals - data structures, algorithms, and some core features by re-implementing them in Go.

Details →

Arpit Bhayani

Arpit's Newsletter

CS newsletter for the curious engineers

❤️ by 90000+ readers

If you like what you read subscribe you can always subscribe to my newsletter and get the post delivered straight to your inbox. I write essays on various engineering topics and share it through my weekly newsletter.

Writings and Learnings

Knowledge Base



Arpit's Newsletter read by 90000+ engineers

Weekly essays on real-world system design, distributed systems, or a deep dive into some super-clever algorithm.