Senior Linux Admin Interview Question #2

January 14, 2011   

You can see all the questions I have compiled here.

Question

You are already logged into a server and a user runs a fork bomb script. How can you stop the fork bomb without restarting the server or bringing any services offline that are currently running?

You also know the name of the running fork bomb script.

Reason for the this question

This will tell you how well the canidate knows about the signals Linux uses with processes. I would think most people would say the easy thing

killall -9 scriptName

This will not work due the nature of a fork bomb. The reason is the killall does not hold a lock on the process table so each one that is killed a new one takes its place in the process table.

Also you will not be able to run a killall due to the shell forking off another shell to run the killall

This question also tells you if the admin knows about Linux internals. That just running a killall will fork a new process buy running exec killall will run the killall in the current process and not fork out a new one

Answer

So for this I will use a fork bomb script that is written in C. Below is an example

#include <unistd.h>

int main(void)
{
  for(;;)
    fork();
  return 0;
}

We can compile it like

gcc -o fork fork.c

So the way to stop it is sending a SIGSTOP signal to each fork bomb process and once they are all stopped you can send a SIGKILL to each process.

So if you run a

killall -STOP fork

You will get a error message like resources not avaliable so you cannot run that. You can run it with exec.

exec killall -STOP fork
exec killall -9 fork

That will stop the fork bomb.



comments powered by Disqus