Understanding Bash fork() Bomb ~ :(){ :|:& };:

Article original de 2007 mis à jour le 2012-09-02

Can you explain the following bash code or bash fork() bomb?

:(){ :|:& };:

The fork bomb is a form of denial-of-service (DoS) attack against a Linux based system. It makes use of the fork operation.

:(){ :|:& };: is nothing but a bash function. This function get executed recursively. It is often used by sys admin to test user process limitations. Linux process limits can be configured via /etc/security/limits.conf and PAM.

Once a successful fork bomb has been activated in a system it may not be possible to resume normal operation without rebooting the system as the only solution to a fork bomb is to destroy all instances of it.

WARNING! These examples may crash your computer if executed.

Understanding :(){ : :& };: fork() bomb code
  • :() – Defined the function called
  • :. This function accepts no arguments.

The syntax for bash function is as follows:

    echo 'Bar..'
    #do_something on $arg argument

fork() bomb is defined as follows:

  • : : – Next it will call itself using programming technique called recursion and pipes the output to another call of the function ‘:’. The worst part is function get called two times to bomb your system.
  • & – Puts the function call in the background so child cannot die at all and start eating system resources.
  • ; – Terminate the function definition
  • : – Call (run) the function aka set the fork() bomb.

Here is more human readable code:

bomb() { 
 bomb | bomb &
}; bomb

Properly configured Linux / UNIX box should not go down when fork() bomb sets off.


See original post