Fork bomb on a Mac?

There are many safeguards that can be put in place to prevent the fork bomb from working.

The simplest is:

ulimit -u 1024

limiting the number of user processes to 1024.

As far as going around the system safeguards there are certainly ways you can find of doing that but I don't think that anyone here will give you a way to do it but basically your system runs out of PIDs and can't spawn any more processes and basically grinds to a complete halt given that your bomb is taking 100% of the CPU trying to spawn more of itself.


How a fork bomb works: in C (or C-like) code, a function named fork() gets called. This causes linux or Unix or Unix-a-likes to create an entirely new process. This process has an address space, a process ID, a signal mask, open file descriptors, all manner of things that take up space in the OS kernel's somewhat limited memory. The newly created process also gets a spot in the kernel's data structure for processes to run. To the process that called fork(), it looks like nothing happened. A fork-bomb process will try to call fork() as fast as it can, as many times as it can.

The trick is that the newly created process also comes back from fork() in the same code. After a fork, you have two processes running the same code. Each new fork-bomb process tries to call fork() as fast as it can, as many times as it can. The code you've given as an example is a Bash-script version of a fork bomb.

Soon, all the OS kernel's process-related resources get used up. The process table is full. The waiting-to-run list of processes is full. Real memory is full, so paging starts. If this goes on long enough, the swap partition fills up.

What this looks like to a user: everything runs super slowly. You get error messages like "could not create process" when you try simple things like ls. Trying a ps causes an interminable pause (if it runs at all) and gives back a very long list of processes. Sometimes this situation requires a reboot via the power cord.

Fork bombs used to be called "rabbits" back in the old days. Because they reproduced so rapidly.

Just for fun, I wrote a fork bomb program in C:

#include <stdio.h>
#include <unistd.h>
int
main(int ac, char **av)
{
        while (1)
                fork();

        return 0;
}

I compiled and ran that program under Arch Linux in one xterm. I another xterm I tried to get a process list:

1004 % ps -fu bediger
zsh: fork failed: resource temporarily unavailable

The Z shell in the 2nd xterm could not call fork() successfully as the fork bomb processes associated with the 1st xterm had used up all kernel resources related to process created and running.


If you're REALLY desperate to see how the fork bomb works, try running it as root, e.g. sudo :(){ :|:& };:, but again, be warned. Tried it myself on Ubuntu. The system WILL FREEZE!

A simple dissection for you:

:() { #Define a new shell function
  :|:& #Pipe function named ':' through itself, creating two copies of itself, and make them run in the background
} #End of function definition block
;: #Call the ':' function. Note how the function is defined with two calls to itself piped through each other. This starts a chain reaction: those two copies will in turn create two more, and so on, as infinitum

Be aware of this when attempting to do such harm...