22
  • WARNING DO NOT ATTEMPT TO RUN THIS ON A PRODUCTION MACHINE

In reading the Wikipedia page on the topic I generally follow what's going on with the following code:

:(){ :|:& };:

excerpt of description

The following fork bomb was presented as art in 2002;56 its exact origin is unknown, but it existed on Usenet prior to 2002. The bomb is executed by pasting the following 13 characters into a UNIX shell such as bash or zsh. It operates by defining a function called ':', which calls itself twice, once in the foreground and once in the background.

However the last bit isn't entirely clear to me. I see the function definition:

:(){ ... }

But what else is going on? Also do other shells such as ksh, csh, and tcsh also suffer the same fate of being able to construct something similar?

slm
  • 369,824
  • 2
    This one pops up quite often on stack exchange, a good answer is here: http://stackoverflow.com/questions/991142/how-does-this-bash-fork-bomb-work – Drav Sloan Aug 31 '13 at 02:27
  • @DravSloan - I was attempting to create some of that content here, my question is a bit loaded in that way 8-). – slm Aug 31 '13 at 02:30
  • You may want to add the obligatory "For the Love of God don't run this on a production machine, or if you want to continue using the machine you run it on!!" message :) – Drav Sloan Aug 31 '13 at 02:34
  • @DravSloan - added a message, feel free to adjust. – slm Aug 31 '13 at 02:43
  • possible duplicate of Where is the fork() on the fork bomb :(){ :|: & };:? – Martin Schröder Sep 03 '13 at 18:56
  • 1
    @MartinSchröder - you understand that this question was what lead that question to get asked? 8-). I asked this on a friday night to get something going and then the other question came in an hour or 2 afterwards. – slm Sep 05 '13 at 20:53
  • @slm: Ah. I've now flagged the other question; I hope a moerator merges them into one. – Martin Schröder Sep 05 '13 at 21:36
  • 1
    @MartinSchröder - it's probably best to leave them as separate, they're slightly different. This is asking for a whole detailed view of how fork bombs work, that other one was asking for specifics about the mechanism behind how the system is forking within a fork bomb. I know it might seem confusing b/c they are related but they are different (IMO - obviously). I even answered the other Q and tried to show the mechanism under the hood that's driving the forking, and I did not flag it as a dup. – slm Sep 05 '13 at 21:45

1 Answers1

24

This fork bomb always reminds me of the something an AI programming teacher said on one of the first lessons I attended "To understand recursion, first you must understand recursion".

At it's core, this bomb is a recursive function. In essence, you create a function, which calls itself, which calls itself, which calls itself.... until system resources are consumed. In this specific instance, the recursion is amplified by the use of piping the function to itself AND backgrounding it.

I've seen this answered over on StackOverflow, and I think the example given there illustrates it best, just because it's easier to see what it does at a glance (stolen from the link above...)

☃(){ ☃|☃& };☃

Define the bug function ☃() { ... }, the body of which calls itself (the bug function), piping the output to itself (the bug function) ☃|☃, and background the result &. Then, after the function is defined, actually call the bug function, ; ☃.

I note that at least on my Arch VM, the need to background the process is not a requirement to have the same end result, to consume all available process space and render the host b0rked. Actually now I've said that it seems to sometimes terminate the run away process and after a screenful of -bash: fork: Resource temporarily unavailable it will stop with a Terminated (and journalctl shows bash core dumping).

To answer your question about csh/tcsh, neither of those shells support functions, you can only alias. So for those shells you'd have to write a shell script which calls itself recursively.

zsh seems to suffer the same fate (with the same code), does not core dump and causes Arch to give Out of memory: Kill process 216 (zsh) score 0 or sacrifice child., but it still continues to fork. After a while it then states Killed process 162 (systemd-logind) ... (and still continues to have a forking zsh).

Arch doesn't seem to have a pacman version of ksh, so I had to try it on debian instead. ksh objects to : as a function name, but using something - say b() instead seems to have the desired result.

Community
  • 1
Drav Sloan
  • 14,345
  • 4
  • 45
  • 43
  • What are those characters? I know they're bugs but how did you make them? – slm Aug 31 '13 at 02:46
  • 10
    While at a small font size it does look like a bug you'll find that it is in fact a snowman. That would be unicode character U+2603 which can be displayed in html by entering & # x 2603 without the spaces. – sambler Aug 31 '13 at 03:14
  • 2
    Apparently under Linux a fair number of Gnome related apps and Firefox support the Ctrl+Shift+u+<hex> where hex is the hex code of the unicode character you want to display. A list of viewable unicode can be found at: http://www.fileformat.info/info/unicode/utf8test.htm (most of the odd ones are in the "miscellaneous" sections). Windows should checkout http://superuser.com/questions/47420/insert-unicode-characters-via-the-keyboard, and I personally use the tool mentioned in the link unicodeinput.exe or cut and paste via my browser. You can always use html sequences as suggested by sambler. – Drav Sloan Aug 31 '13 at 03:55
  • 1
    Wiki also has a list of unicode characters: http://en.wikipedia.org/wiki/List_of_Unicode_characters – Drav Sloan Aug 31 '13 at 04:32
  • I liked the snowman bug, the one you are using here is not displayed on my system, appears like a box with hex numbers in it. – terdon Aug 31 '13 at 13:43
  • Back to snowmen it is then! :) – Drav Sloan Aug 31 '13 at 14:11
  • @DravSloan - too bad there isn't a little penguin 8-) – slm Aug 31 '13 at 15:50
  • What you mean ? – Drav Sloan Sep 02 '13 at 08:00
  • "piping the function to itself AND backgrounding it." Pun intended? "AND backgrounding it." " & backgrounding it. hehehe" – Cyoce Jan 24 '16 at 07:27
  • "...is amplified by the use of piping the function to itself AND backgrounding it" -- Would it will still work without these amplifications? If not, why not? – Jonah Mar 10 '19 at 17:34