黑基网 首页 服务器 Linux 查看内容

Linux fork死循环炸弹及其预防

2011-3-8 11:39| 投稿: Linux

摘要:   在Linux系统下执行这段代码 :(){ :|:& };: 就会引起死机,一旦执行起来后,唯一的方法就是重启系统。实际上这段代码是一段无限递归代码,将系统资源耗尽。  本文下面有这段代码的...
  在Linux系统下执行这段代码 :(){ :|:& };: 就会引起死机,一旦执行起来后,唯一的方法就是重启系统。实际上这段代码是一段无限递归代码,将系统资源耗尽。  本文下面有这段代码的详细解释,为了防止fork炸弹,方法就是限制用户能够启动的进程数。具体做法,编辑/etc/security/limits.conf文件,在末尾加入 :  * hard nproc 200  将用户的进程数限制为200,经过测试,root账户不受这个限制。  Q. Can you explain following bash code or bash fork() bomb?  :(){ :|:& };:  A. This is a bash function. It gets called recursively (recursive function). This is most horrible code for any Unix / Linux box. It is often used by sys admin to test user processes limitations (Linux process limits can be configured via /etc/security/limits.conf and PAM).  Once a successful fork bomb has been activated in a system it may not be possible to resume normal operation without rebooting, as the only solution to a fork bomb is to destroy all instances of it.  WARNING! These examples may crash your computer if executed.  Understanding :(){ :|:& };: fork() bomb code  :() - It is a function name. It accepts no arguments at all. Generally, bash function is defined as follows:  foo(){  arg1=$1  echo ''  #do_something on $arg argument  }  fork() bomb is defined as follows:  :(){  :|:&  };:  :|: - Next it call itself using programming technique called recursion and pipes the output to another call of the function ':'. The worst part is function get called two times to bomb your system.  & - Puts the function call in the background so child cannot die at all and start eating system resources.  ; - Terminate the function definition  : - Call (run) the function aka set the fork() bomb.  Here is more human readable code:  bomb() {  bomb | bomb &  }; bomb  Properly configured Linux / UNIX box should not go down when fork() bomb sets off.
小编推荐:欲学习电脑技术、系统维护、网络管理、编程开发和安全攻防等高端IT技术,请 点击这里 注册黑基账号,公开课频道价值万元IT培训教程免费学,让您少走弯路、事半功倍,好工作升职加薪!



免责声明:本文由投稿者转载自互联网,版权归原作者所有,文中所述不代表本站观点,若有侵权或转载等不当之处请联系我们处理,让我们一起为维护良好的互联网秩序而努力!联系方式见网站首页右下角。


鲜花

握手

雷人

路过

鸡蛋

相关阅读

最新评论


新出炉

返回顶部