Implementing fork bombs is relatively easy for an experienced hacker. We won’t go into detail here (since we don’t want to give anyone the wrong idea), but often, just a tiny bit of code is required.
Can You Prevent a Fork Bomb?
You can't sit over the shoulder of every developer and keep them from including code that could harm you. But you can do two important things to ensure that a fork bomb is less likely to take your system down.
Start by limiting the maximum number of processes a single user can own. This is a remarkably easy task in Linux. If you keep your users from owning more than a handful of processes, they can't get an attack like this off the ground.
You can also limit memory use per process. If a process needs more than the limit you've set, you're likely dealing with a duplication, and you can deny execution right away. This simple step can also keep a fork bomb from depleting server capacity.
If an attacker hits you with a fork bomb, you will need to reset your server. And unfortunately, you'll need to remove every instance of the code to make the attack stop.
If you're looking for even more ways to protect yourself in a Linux environment, consider our white paper about enforcing least-privilege access for Linux servers. And don't be afraid to reach out to Okta if you have questions.
References
Understanding Bash Fork Bomb Code. (January 2019). NixCraft.
Security Against Fork Bomb Attack in Linux-Based Systems. (April 2019). International Journal of Research in Advent Technology.
