Skip to content

Fork bomb possible with xflock4

If the setting /general/LockCommand is set to xflock4, the script will gladfully call itself until all resources on the host are used.

A workaround would be to ignore $LOCK_CMD if the resolution of the command is the script itself.

I assume something like this would solve the issue, but it is probably too naive.

LOCK_CMD="xflock4"
if [ "$(realpath "$0")" = "$(which "$LOCK_CMD")" ]; then
    LOCK_CMD=""
fi
Edited by Ludovic Bellière