11 Characters and boom

Securio

Overview

: ( ) {: |: & };: this bash one-liner can freeze your workstation and bring it to its knees. It is so powerful that if you run it on real hardware in a production environment, you will need to ask your admin to physically shut the machine down. What this one-liner is and how it works is what this article explains.

The code above is known as a fork bomb. It is a bash snippet that forks itself an infinite number of times until the machine runs out of memory and CPU. Fork is a system call used to create a new process on UNIX and Linux systems. In a C program it is invoked through the fork() function, but the same effect can be produced in many forms, just like the code above.


Explanation

At first sight it might look like gibberish, but let's break it down into its parts.

: ( )          # a function named ":" is declared
{              # opening of the function body
    : | : &    # call ":" piped into another ":", in the background
} ;            # closing of the function body
:              # the function call that starts it all

First, a function named ":" is declared; a function can be given any name.

Then, inside the function, the output of ":" is piped into another call of ":" using the "|" symbol, and the pipeline is put in the background with "&". Each call therefore spawns two more, and none of them ever exits.

Then the function is closed with "};", and finally the function ":" is called.

And that's it; this is how the fork bomb works. Very simple and very effective.


Prevention

A fork bomb works by creating processes until the system runs out of resources. To check how many processes a user may run, type ulimit -a.

We can limit the maximum number of processes each user can run. For example, ulimit -u 30 limits the user to a maximum of 30 processes on the machine.

But this is temporary: after the user logs out, the value resets. To make it permanent, limits can be set in /etc/security/limits.conf.

<domain> is the hostname, <type> is hard or soft, <item> is one of the items shown by the ulimit command, and <values> is the value to apply as the limit.

<domain>  <type>  <item>  <values>
osboxes    hard    nproc    1000

# osboxes -- hostname of the machine.
# type    -- hard, as we are setting a permanent limit.
# item    -- nproc (max number of processes).
# values  -- 1000 as the limit.
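As an added example (not code from the original post), the POSIX shell functions below read limits.conf-style lines from a constructed sample embedded in the script and report the effective hard nproc limit for a user. They apply the precedence pam_limits uses when matching the domain column as a user name or @group: an explicit user entry beats an @group entry, which beats the * wildcard. SAMPLE_LIMITS, effective_nproc and check_nproc_cap are hypothetical names chosen for this example.

```shell
#!/bin/sh
# Constructed sample of /etc/security/limits.conf entries (not a real file).
SAMPLE_LIMITS='# /etc/security/limits.conf (constructed sample)
*          soft    nproc    500
*          hard    nproc    1000
osboxes    hard    nproc    1000
@staff     hard    nproc    2000
root       hard    nproc    unlimited
'

# effective_nproc USER [GROUP]: print the hard nproc limit that applies to
# USER (member of GROUP, if given) according to SAMPLE_LIMITS.
# Precedence: explicit user entry > @group entry > "*" wildcard.
# Prints "none" when no entry matches at all.
effective_nproc() {
  user=$1; group=${2:-}
  printf '%s\n' "$SAMPLE_LIMITS" | awk -v u="$user" -v g="$group" '
    /^[ \t]*#/ || NF < 4 { next }              # skip comments, blanks, junk
    $2 == "hard" && $3 == "nproc" {
      if ($1 == u)                       { uval = $4 }
      else if (g != "" && $1 == ("@" g)) { gval = $4 }
      else if ($1 == "*")                { dval = $4 }
    }
    END {
      if (uval != "")      print uval
      else if (gval != "") print gval
      else if (dval != "") print dval
      else                 print "none"
    }'
}

# check_nproc_cap USER [GROUP]: succeed (exit 0) only if USER ends up with a
# finite hard nproc limit, i.e. a fork bomb run as USER would be contained.
check_nproc_cap() {
  lim=$(effective_nproc "$1" "${2:-}")
  case "$lim" in
    none|unlimited) return 1 ;;
    *)              return 0 ;;
  esac
}
```

To audit a real host, replace SAMPLE_LIMITS with the contents of /etc/security/limits.conf (plus the files in /etc/security/limits.d/) and confirm that every interactive account ends up with a finite limit.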

It can also be set through the systemd configuration.

On BSD-based systems like FreeBSD, the admin can set limits in /etc/login.conf. On modern Linux systems fork bombs are also contained using cgroups and the process ID (pids) controller.

Written by

Securio