Understanding the Fork Bomb :(){ :|:& };: in Linux

Nuking my system by installing Arch Linux was not enough, so I used a Fork Bomb.

Just kidding!

You might have already seen a cute looking but dangerous Linux command which is made of just special characters:

:(){ :|:& };:

This is called bash fork bomb and it is enough to bring down your system by consuming all the system resources. It goes away after a system reboot, though.

In this article, I’ll discuss:

  • What is a fork bomb in general
  • How does the :(){ :|:& };: turn into a fork bomb
  • Why the fork bomb is likely not to do any damage (yes, your distro might be bombproof)
  • Quick tip on preventing fork bombs

What is a fork bomb?

You can think of a fork bomb as a DoS (denial of service) attack, as it replicates existing processes till your system utilizes 100% of system resources and makes it completely unusable.

Unix programs are executed through a combination of two system calls called fork and exec. One process spawns another either by replacing itself when it’s done — an exec — or, if it needs to stay around, by making a copy of itself — a fork.

The fork bomb is basically the process of creating forks after forks infinitely until your system doesn’t have anymore resources left.

Understanding the Fork Bomb :(){ :|:& };: in
Linux
fork bomb
Running Fork Bomb

Well, this is what the famous fork bomb does to your system. And if you’re curious to know those 11 spooky characters, here you go:

:(){ :|:& };:

As of now, you might have no idea how it works. Well, Let me break it down for you:

  • :() defines the function named as : and will accept no arguments.
  • {} is where the function starts and ends. In simple terms, it includes commands that will crash your machine eventually.
  • :|: is where the recursion starts (function calling itself). To be more precise, It loads a : function in memory, pipe (|) its own output to another copy of the : function which is also loaded into system memory as well.
  • & will execute the whole function in the background so that no child process is killed.
  • ; separates each child function from the chain of multiple executions.
  • And : runs recently created function, hence the chain reaction begins!
Understanding the Fork Bomb :(){ :|:& };: in
Linuxtask manager when I ran the fork bomb in my testing.

Understanding the Fork Bomb :(){ :|:& };: in
Linuxcheck this answer on tweaking systemd config.

How to Prevent fork bomb?

As everything is related to processes, you just have to limit them. And the maximum processes that can run through a signed-in user can be checked through a given command:

ulimit -u

Server Status

Aradippou Chat 1 Chat 2 Larnaca Limassol Nicosia

Chat Links

Official Links.

1. Chat 1.
2. Chat 2.

Alternative Mirror Links.

1. KiwiIRC 1.
2. KiwiIRC 2.

Other Web Clients.

1. IrcCloud.

Recent Posts

Related Posts:

Archives

Super Club Radio

CyIRC

CyIRC Tweets

Scroll Up