comment 0

:(){ : | : &}; : – Forkbomb explained

Some of my friends ask me what is this command? How does it work? Why does it make my computer lag so bad that they have to reboot it?!

This command is actually a version of a Forkbomb. When executed, the command multiply itself until your computer runs out of memory by forking a process infinitely. Thats why it lags and you need to restart your computer.

Here is the actual code:

:() { : | : & }; :

Now here’s the code definition chunk by chunk.

  1.  :() This is where you define the function. This function as you can see has no parameters.
  2.  {:|: & }. This part is the function definition. As you can see, inside the function definition there is :|:. This code `:` simply calls the function itself and then load it to the memory. The part `|` means calling the function and pipe it to the same function `:`. So, `:|:` simply loads two copies of the function, whenever `:` is called. This part `&` means disown the functions (make them a background process), so that the children of a parent will not be killed when the parent gets auto-killed
  3. The ; part simply ends the function block.
  4.  Now the last `:` part is simply executing the function itself right away when ever this particular command is being issued.

Although your computer will start normally when restarted after being forkbombed, some says that it can possibly damage your hardware. The command will execute in an infinite loop and exhaust your system. This process may cause over heating and will damage your hardware. But I guess this only happens once in a blue moon.

Anyway, if you are looking for something that you can use against it, then good news. There is actually a safeguard for this.

Unix based operating systems have a process-limit controlled by a ulimit shell or setrlimit. The kernels set and enforce RLIMIT_NPROC rlimit ("resource limit") of any process. If a process tries to perform a fork and the user that owns that particular process has RLIMIT_NPROC, then that fork will fail. You can also edit pam_limits config file /etc/security/limits.conf. However, some Linux base OS doesn’t have pam_limits module installed by default. So you may need to install it manually.

Leave a Reply

Your email address will not be published. Required fields are marked *