Understanding Bash fork() Bomb :(){ :|:& };: code

WARNING! These examples may crash your computer if executed.

Understanding :(){ :|:& };: fork() bomb code

Can you explain the following bash code or bash fork() bomb code?

:(){ :|:& };:

The fork bomb is a form of denial-of-service (DoS) attack against a Linux or Unix-based system. It makes use of the fork operation. The :(){ :|:& };: is nothing but a bash function. This function gets executed recursively. It is often used by sysadmins to test user process limitations on a server. Linux process limits can be configured via /etc/security/limits.conf and PAM to avoid a bash fork() bomb. Once a fork bomb has been successfully activated on a system, it may not be possible to resume normal operation without rebooting, as the only solution to a fork bomb is to destroy all instances of it.

:() – Defines the function called :. This function accepts no arguments. The syntax for a bash function is as follows:

foo(){
  arg1=$1
  arg2=$2
  echo 'Bar..'
  #do_something on $arg argument
}

fork() bomb is defined as follows:

:() { :|:& };:

:|: – Next, the function calls itself (a programming technique called recursion) and pipes its output to another call of the function ':'. The worst part is that the function gets called two times to bomb your system.

& – Puts the function call in the background so the child cannot die at all and starts eating system resources.

; – Terminates the function definition.

: – Call (run) the function aka set the fork() bomb.

Here is a more human-readable version of the code:

bomb() { bomb | bomb & }; bomb

A properly configured Linux / UNIX box should not go down when a fork() bomb is set off. See comment # 5 below for more fork bomb examples created in Perl, Windows XP (batch) and C.

Related: How to: Prevent a fork bomb by limiting user process under Linux.

Preventing fork bomb on Linux

Type the following ulimit command to find out the current maximum processes you can run on Linux:

ulimit -u

OR

ulimit -a



The number 128038 indicates that you can run 128038 processes. To protect your Linux system from a fork bomb, you need to lower that number. To limit your session to 5000 processes, use the following command:

ulimit -S -u 5000

WARNING! Please don’t set ulimit numbers too low. This will prevent you from working on your system.

Now run fork bomb again:

:(){ :|:& };:

And you will see messages as follows:

bash: fork: Resource temporarily unavailable
bash: fork: Resource temporarily unavailable
bash: fork: Resource temporarily unavailable
bash: fork: Resource temporarily unavailable
bash: fork: Resource temporarily unavailable
bash: fork: Resource temporarily unavailable
bash: fork: Resource temporarily unavailable

You just avoided a fork bomb on Linux. Run the following pgrep command to see the current thread count for your user:

pgrep -wcu $USER

Sample outputs:

5002
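
The ulimit -S -u command above lowers only the soft limit of the current session, and a user can raise a soft limit again up to the hard limit, so a lasting cap needs a hard nproc entry in /etc/security/limits.conf, the file the article names. As an added example (not part of the original article), this shell function audits limits.conf-format text and flags every domain that has no usable hard nproc cap. The function names, the sample entries and the reuse of 5000 as the threshold are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit limits.conf-style text for nproc (max processes) caps.
# Line format: <domain> <type> <item> <value>, type is soft, hard or "-" (both).
# Reads the text on stdin; $1 is the highest hard cap considered acceptable.
audit_nproc() {
  awk -v max="$1" '
    { sub(/#.*/, "") }                          # strip comments
    NF < 4 || $3 != "nproc" { next }            # keep only nproc rows
    !($1 in seen) { seen[$1] = 1; order[++n] = $1 }
    $2 == "hard" || $2 == "-" { hard[$1] = $4 } # later rows replace earlier ones
    END {
      for (i = 1; i <= n; i++) {
        d = order[i]
        if (!(d in hard))                v = "WEAK soft-only"  # user can raise it
        else if (hard[d] !~ /^[0-9]+$/)  v = "WEAK uncapped"   # unlimited, -1, ...
        else if (hard[d] + 0 > max + 0)  v = "WEAK above-max"
        else                             v = "OK"
        print d, v
      }
    }'
}

# Constructed sample entries (not taken from any real system).
sample_limits() {
  cat <<'EOF'
# <domain>  <type>  <item>  <value>
*           soft    nproc   5000
@students   hard    nproc   200
@students   soft    nproc   100
appsvc      -       nproc   unlimited
deploy      hard    nproc   65536   # far above the threshold
*           hard    nofile  4096
EOF
}

# Report one verdict per domain, in the order the domains first appear.
sample_limits | audit_nproc 5000
```

To check a live system, feed it the real file: audit_nproc 5000 < /etc/security/limits.conf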