[GPS]: A fork-bomb is a good test of a Unix-like system. You will probably want [kill_all.tcl] if you want to test it out. If your system fails to work even as root after starting it then you have problems... One way of doing it in sh is: #!/bin/sh $0 & exec $0 Another way in C is: #include #include #include int main () { while (1) { fork (); } return EXIT_FAILURE; } ---- [Jacob Levy] 2003-06-02 I think this was probably written by [GPS]. Yes it was written by GPS (marked at the top now). This is also an example of a [DoS] attack. ---- [TV] I guess the essential idea here is that one process creates another, and at a birth/death rate greater than one (exponential base 2 here). During a unix course long ago I met another example, where simply one process (a shell script, could also be tcl or wish, or one interpr creating another) creates a new one, and exits. I wasn't fooled for long, simply looked at the course of the increasing process id's, and ran a high priority kill with a just higher PID continuously to get the sys without the ghost like process train again, which of course eats up CPU time, process creation isn't free, and possibly makes some ID fold back to annoying values or fragment memory and handler space. Unless all mallocs and ID assignment works profi. The example here is of course more greedy, and will probably stop when virtual memory is exhausted, leaving the rest of the machine unable to even start a new process. I didn't check this on linux (I need windows to have the usb based internet connection going), what does it say? ---- [DKF] (5-Jun-2003): Don't think that they are that easy to avoid. It's quite simple to write a forkbomb that just forks two copies of itself and exits, so combining the trouble of both previous things by filling up the process table ''and'' not providing a target you can aim for. If you ever see one of these, pray that killing the process group works... ---- 2004-05-27: I found a beautiful forkbomb which at least works in bash: :(){ :|:& };: Do yourself a favor and run ulimit -u 100 first. [http://icculus.org/pyddr/forkbomb-bg.jpg] ---- [LV] So can we tie this topic back to tcl - perhaps some sort of tools to watch for and warn someone when this sort of thing begins to appear - maybe something for [moodss] to monitor? ---- [Category Security]