About Linux FAQ

Browse More FAQs:

Understanding Bash fork() bomb ~ :(){ :|:& };:

Posted by Vivek Gite [Last updated: February 4, 2008]

Q. Can you explain following bash code or bash fork() bomb?
:(){ :|:& };:

A. This is a bash function. It gets called recursively (recursive function). This is most horrible code for any Unix / Linux box. It is often used by sys admin to test user processes limitations (Linux process limits can be configured via /etc/security/limits.conf and PAM).

Once a successful fork bomb has been activated in a system it may not be possible to resume normal operation without rebooting, as the only solution to a fork bomb is to destroy all instances of it.

WARNING! These examples may crash your computer if executed.

Understanding :(){ :|:& };: fork() bomb code

:() - It is a function name. It accepts no arguments at all. Generally, bash function is defined as follows:

foo(){
 arg1=$1
 echo ''
 #do_something on $arg argument
}

fork() bomb is defined as follows:

:(){
 :|:&
};:

:|: - Next it call itself using programming technique called recursion and pipes the output to another call of the function ':'. The worst part is function get called two times to bomb your system.

& - Puts the function call in the background so child cannot die at all and start eating system resources.

; - Terminate the function definition

: - Call (run) the function aka set the fork() bomb.

Here is more human readable code:

bomb() {
 bomb | bomb &
}; bomb

Properly configured Linux / UNIX box should not go down when fork() bomb sets off.

Related: How to: Prevent a fork bomb by limiting user process under Linux.

Update: Check out comment # 5 for more fork bomb examples under Perl, Windows XP and C.

Subscribe to our free e-mail newsletter or RSS feed to get all updates. You can Email this page to a friend.

Related Other Helpful FAQs:

Discussion on This FAQ

  1. mastrboy Says:

    i tested this on a fresh install of CentOS and it totaly crashed :P

    How about a nice “howto” for protecting against this attacks?

  2. raj Says:

    I second the vote for a nice howto.

    Cheers

  3. queue Says:

    Thirded!

    How to prevent a “fork bomb”.

  4. Bharat Says:

    Yes How to must be started, for the benefits of the innocent users, as the viruses are spread by entities whose brains are configured differently.

  5. l33t Says:

    Perl exmaple:

    perl -e "fork while fork" &

    Python example:

    import os
      while(1):
          os.fork()

    Windows XP / Vista bat file example:

    :bomb
    start %0
    goto bomb

    UNIX style for Windows:

    %0|%0

    C program example:

    #include
     int main() {   while(1)      fork();  } 

    Plz note that the fork bomb is a form of denial of service, so don’t run on production or unauthorized system.

  6. Ofloo Says:

    An other one is that when you have set a quota for your mailboxes and crontab is generating mail over and over eventually the quota will exceed, after a while the mailq will fill up with 1000’s of mail and the system will crash.

  7. kunal Says:

    Hi,

    i run it on my testing server and it start consuming my server process.
    so one thing is clear from this form bomb that it starting issuing new processes rather than threads.

    how we prevent our sites from such fork attacks

    Thanks in advance

  8. vivek Says:

    kunal,

    Read http://www.cyberciti.biz/tips/linux-limiting-user-process.html

  9. Bash Says:

    I tried this on a virtual instance of SLAX, and it totally killed it.

  10. bort Says:

    perl inline…

    perl -e “fork while fork” &

  11. ATOzTOA Says:

    Sleek code :)

    I tried on FC4. Took only 1 minute as root.

    In WinXP, I waited till 7 minutes. Displayed some errors and all, but was responding. Tried MS Word, Task Manager, nothing could be executed. The machine was useless untill reset.

  12. bradley Says:

    This works very quickly on all windows:

    :bomb
    %0 | %0
    goto bomb

Leave a Reply

We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word

Tags: , ,

Copyright © 2006-2008 nixCraft. All rights reserved - TOS/Disclaimer - Privacy policy - Sitemap - Powered by Open source software.