> > Actually, yes it is hard.  I've cleaned up from several fork bombs and
> > you gotta get the right ps | grep | xargs kill right or the fork bomb
> > surives.  Even then there is a race between the ps and more processes
> > forking.  I usually have to run my ps | grep| xargs kill command
> > several times in a row to completely kill the forkbomb w/o a rate
> > limiter.
> 
> I've found that a two-stage cleanup works well:
> 
>  - SIGSTOP them all
>  - SIGKILL them all
> 
> If you start with SIGKILL, shooting processes while there are still
> live ones just creates more room for the live ones to expand into.
> 
> 

Of course, to make this really robust against a 'smart' bomb that spots 
its mates getting SIGSTOPped and SIGCONTing them, if a process is 
SIGSTOPped by root, then only root should be able to continue it again.

R.