#include <stdlib.h>
#include <unistd.h>

int main()
{
    while(1)
        fork();
}
This is the code for a fork bomb.
In our college, we connect via telnet, i.e. a client serving protocol. Some 100 systems are connected to the server. Suddenly we saw the server becoming slow, and after some time it crashed. I came to know that somebody implemented a fork bomb.
How can we detect on which system the fork bomb is implemented? And how can we stop it?
One method is to limit the maximum number of processes that a single user may own. Is there any method to stop it and to know from which system it has been implemented?
Telnet? Seriously? You should really use SSH... – ThiefMaster – 2013-03-16T14:44:09.050
See also What's the best way to clean up after a fork bomb? – Petr Pudlák – 2013-03-16T19:25:02.120
See also http://unix.stackexchange.com/q/64611/17609 – moooeeeep – 2013-03-16T20:06:43.133
Well, it was migrated from SO, but one answer could be at kernel level. Some patches have been tentatively done but none seems to meet acceptance. My point is: how to detect it: well, any user will know it can't use the system anymore, so the detection point is perhaps not the key point. How to recover? The current answer is reboot; I would state: a way to tell the kernel to run only one process (the one you want to clean up the mess) and stop all others, whatever they are. This could be a feature accessible only in the system console. – philippe lhardy – 2013-03-16T20:12:07.907
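One way to answer the "which system did it come from" part of the question, as an added example that is not part of the original post or its comments: count processes per user from `ps` output, flag any user above a threshold, and look up that user's remote host in `who` output. The user names, host names, the threshold of 100 and the sample data are all constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample data (not from the original post), shaped like the output of
# `ps -eo user,pid,ppid,comm --no-headers` and `who` on the shared server.
SAMPLE_PS = "\n".join(
    ["root 1 0 init", "alice 812 800 bash", "alice 840 812 vim",
     "bob 901 890 bash"]
    + [f"bob {2000 + i} {1999 + i} a.out" for i in range(300)]
)
SAMPLE_WHO = """\
alice    pts/0        2013-03-16 09:12 (lab-pc-03)
bob      pts/1        2013-03-16 09:40 (lab-pc-17)
"""

def procs_per_user(ps_text):
    """Return {user: Counter(command -> count)} from ps output."""
    table = defaultdict(Counter)
    for line in ps_text.splitlines():
        fields = line.split(None, 3)
        if len(fields) == 4:
            user, _pid, _ppid, comm = fields
            table[user][comm] += 1
    return table

def login_hosts(who_text):
    """Return {user: set(remote hosts)}; local logins carry no (host) field."""
    hosts = defaultdict(set)
    for line in who_text.splitlines():
        m = re.match(r"(\S+)\s+\S+\s+.*\((.+)\)\s*$", line)
        if m:
            hosts[m.group(1)].add(m.group(2))
    return hosts

def find_suspects(ps_text, who_text, limit=100):
    """List (user, nproc, dominant command, hosts) for users over the limit."""
    hosts = login_hosts(who_text)
    out = []
    for user, cmds in procs_per_user(ps_text).items():
        total = sum(cmds.values())
        if total > limit:
            comm, _ = cmds.most_common(1)[0]
            out.append((user, total, comm, sorted(hosts.get(user, ()))))
    return sorted(out, key=lambda s: -s[1])

if __name__ == "__main__":
    for user, n, comm, hosts in find_suspects(SAMPLE_PS, SAMPLE_WHO):
        print(f"{user}: {n} processes, mostly {comm!r}, logged in from {hosts}")
```

This only works while the server can still start `ps` and `who`, which is why the per-user process limit mentioned in the question matters: it keeps the machine responsive enough to run the check.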