Understanding Bash fork() Bomb ~ :(){ :|:& };:
Article original de 2007 mis à jour le 2012-09-02
Can you explain the following bash code or bash fork() bomb?
:(){ :|:& };:
The fork bomb is a form of denial-of-service (DoS) attack against a Linux based system. It makes use of the fork operation.
:(){ :|:& };:
is nothing but a bash function.
This function get executed recursively.
It is often used by sys admin to test user process limitations.
Linux process limits can be configured via /etc/security/limits.conf
and PAM.
Once a successful fork bomb has been activated in a system it may not be possible to resume normal operation without rebooting the system as the only solution to a fork bomb is to destroy all instances of it.
WARNING! These examples may crash your computer if executed.
Understanding :(){ : | :& };: fork() bomb code |
- :() – Defined the function called
- :. This function accepts no arguments.
The syntax for bash function is as follows:
foo(){
arg1=$1
arg2=$2
echo 'Bar..'
#do_something on $arg argument
}
fork() bomb is defined as follows:
:(){
:|:&
};:
-
: : – Next it will call itself using programming technique called recursion and pipes the output to another call of the function ‘:’. The worst part is function get called two times to bomb your system. - & – Puts the function call in the background so child cannot die at all and start eating system resources.
- ; – Terminate the function definition
- : – Call (run) the function aka set the fork() bomb.
Here is more human readable code:
bomb() {
bomb | bomb &
}; bomb
Properly configured Linux / UNIX box should not go down when fork() bomb sets off.