Fork bombs can also very easily be standalone shell scripts

Kenny_Strawn · 12-12-2010, 12:47 AM

https://bugs.launchpad.net/ubuntu/+s...sh/+bug/689176

allend · 12-12-2010, 02:47 AM

For other languages and mitigation see http://en.wikipedia.org/wiki/Fork_bomb

unSpawn · 12-12-2010, 05:01 AM

Fork bombs are a problem but it's an old problem so I modded this threads title and removed the slightly alarmist "Security alert" part which we should reserve for threats with a higher priority.

Kenny_Strawn · 12-12-2010, 09:48 PM

You're missing the point. The file I attached is named forkbomb.sh (and it was a test script) with the following code inside it:

Code:

#!/bin/bash

./forkbomb.sh|./forkbomb.sh&

What makes this dangerous is that the script (1) can be given a different (even misleading) name and (2) can be crafted to perform highly CPU-intensive tasks (such as opening programs with each instance of itself) or even delete files on top of executing all the instances of itself that it does.

TobiSGD · 12-12-2010, 10:25 PM

Let me see this clear, during your experiments you have discovered that:

A shell script can have any name you give it, even if it is a misleading name.
A shell script can execute other scripts and programs, even itself.
A script can delete files.

And you filed a bug against it. How do you think anyone can get rid of these bugs? What use would a shell script have, if it could not execute other programs or even do such simple actions as deleting files?

I think you didn't get the point here, the bug is in this case not in the computer, but in front of it.
You can get rid of all these bugs with a simple rule of conduct: Don't execute ever a shell script from an untrusted source.