2009-07-29

Bash Fork Bomb

Maybe you've heard of the bash fork bomb, maybe you haven't. You may have even seen the command that launches the fork bomb but don't know what it means or just haven't taken the time to think it through. Whatever the case, the bash fork bomb is something that is pretty interesting.

The short explanation of what the fork bomb does is that it recursively and exponentially spawns processes until your system crashes. So, what does this fork bomb look like? Here it is:

$ :(){ :|:& };:

So, that's great, but what exactly does it do? Well, let's break it down piece by piece:

  • :(){ :|:& }
    This defines a function : that does not accept any arguments; that's the () part. So, what does the function do? That's the part inside the curly braces.

  • { :|:& }
    This is the meat of the function, what gets run when you actually call :. When you call the function :, the first thing it does is to call itself and it pipes the output into another call of itself. So, short story here is that : calls itself twice; hence the exponential growth of processes spawned. The thing is that each time : gets called, that's another process running on the system. And, here's the kicker, the second time : is called, it is sent to run in the background with the &, so killing the parent process won't kill it.

  • ;:
    This is where we actually call : for the first time. The ; operator says to run the following command immediately after the previous one has finished. So, what does it do? Immediately after defining the : function this calls it, and then you play the waiting game until your system crashes.

You should probably not run this command on your system. If you're curious, fire up a virtual machine inside VirtualBox and give it a go there. Maybe I'll do that and post a video.

So, what good is this fork bomb? Well, this is something that sys admins use as a way to test limits on user processes. Once you launch this fork bomb, the only way to end it may be to reboot your system. The reason is that you have to destroy all instances of it to resume normal function.
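Testing limits on user processes only means something if a per-user process cap is configured in the first place. As an added example (not part of the original post), the shell function below reads a pam_limits-style limits.conf and reports the hard nproc value that would apply to a given user. The sample file, the user names and the group names are constructed, and passing group membership in as an argument is a simplification.

```shell
#!/bin/sh
# Added example: which hard nproc (max user processes) cap would a
# pam_limits-style limits.conf apply to a user? All sample data is constructed.

# nproc_hard_limit USER "GROUP1 GROUP2" FILE
# Prints the effective hard nproc value, or "unset" if no line matches.
# Precedence as in pam_limits: user entry, then @group entry, then "*".
nproc_hard_limit() {
    awk -v user="$1" -v grouplist="$2" '
        BEGIN { n = split(grouplist, g, " ")
                for (i = 1; i <= n; i++) ingroup["@" g[i]] = 1 }
        { sub(/#.*/, "") }                    # drop comments
        NF != 4 || $3 != "nproc" { next }     # only complete nproc lines
        $2 != "hard" && $2 != "-" { next }    # "-" sets soft and hard
        $1 == user    { u = $4 }
        $1 in ingroup { grp = $4 }
        $1 == "*"     { any = $4 }
        END { if (u == "") u = grp
              if (u == "") u = any
              print (u == "" ? "unset" : u) }' "$3"
}

# audit_user USER "GROUPS" FILE: returns 1 when nothing bounds process count.
audit_user() {
    limit=$(nproc_hard_limit "$1" "$2" "$3")
    case $limit in
        unset|unlimited|infinity|-1)
            echo "$1: no hard nproc cap ($limit)"; return 1 ;;
        *)  echo "$1: hard nproc cap is $limit"; return 0 ;;
    esac
}

# Constructed sample file (hypothetical users and groups).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
*          soft  nproc   1024   # soft only: a user can raise this
*          hard  nproc   2048
@students  hard  nproc   200
alice      -     nproc   unlimited
bob        hard  nofile  1024   # different item, ignored here
EOF

audit_user carol "students users" "$SAMPLE" || true
audit_user alice "students" "$SAMPLE" || true
audit_user bob "users" "$SAMPLE" || true
```

On a live bash session, `ulimit -Hu` shows the hard limit actually in effect for the current user.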

See you next time.
