> Actually, yes it is hard.  I've cleaned up from several fork bombs and
> you gotta get the right ps | grep | xargs kill right or the fork bomb
> surives.  Even then there is a race between the ps and more processes
> forking.  I usually have to run my ps | grep| xargs kill command
> several times in a row to completely kill the forkbomb w/o a rate
> limiter.

I've found that a two-stage cleanup works well:

 - SIGSTOP them all
 - SIGKILL them all

If you start with SIGKILL, shooting processes while there are still
live ones just creates more room for the live ones to expand into.