• Uncategorized

About linux : The-Bash-command-will-spawn-processes-to-kernel-death-Can-you-explain-the-syntax

Question Detail

I looked at this page and can’t understand how this works.

This command “exponentially spawns subprocesses until your box locks up”.

But why? What I understand less are the colons.

[email protected]$ :(){ :|:& };:

Question Answer

:(){ :|:& };:

..defines a function named :, which spawns itself (twice, one pipes into the other), and backgrounds itself.

With line breaks:

:()
{
    :|:&
};
:

Renaming the : function to forkbomb:

forkbomb()
{
    forkbomb | forkbomb &
};
forkbomb

You can prevent such attacks by using ulimit to limit the number of processes-per-user:

$ ulimit -u 50
$ :(){ :|:& };:
-bash: fork: Resource temporarily unavailable
$

More permanently, you can use /etc/security/limits.conf (on Debian and others, at least), for example:

* hard nproc 50

Of course that means you can only run 50 processes, you may want to increase this depending on what the machine is doing!

That defines a function called : which calls itself twice (Code: : | :). It does that in the background (&). After the ; the function definition is done and the function : gets started.

So every instance of : starts two new : and so on… Like a binary tree of processes…

Written in plain C that is:

fork();
fork();

Just to add to the above answers, the behavior of pipe | is to create two processes at once and connect them with pipe(pipe is implemented by the operating system itself), so when we use pipe, each parent processes spawn two other processes, which leads to utilization of system resource exponentially so that resource is used up faster.

Also & is used to background the process and in this case prompts returns immediately so that the next call executes even faster.

Conclusion :
|: To use system resource faster( with exponential growth)
&: background the process to get process started faster

This defines a function called : (:()). Inside the function ({...}), there’s a :|:& which is like this:

  • : calls this : function again.
  • | signifies piping the output to a command.
  • : after | means pipe to the function :.
  • &, in this case, means run the preceding in the background.

Then there’s a ; that is known as a command separator.

Finally, the : starts this “chain reaction”, activating the fork bomb.

The C equivalent would be:

#include <sys/types.h>
#include <unistd.h>
int main()
{
    fork();
    fork();
}

You may also like...

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.