Elegant Fork Bomb

Posted by Nancy Wyatt (Penetration Testing), 29 May 2012
Here is a rather beautiful Unix command which will lock up a computer:

:(){ :|:& };:

It's neat because it's short, deadly and pleasingly all-punctuation. It's what's known as a "fork bomb", a self-replicating program which does nothing except multiply. It locks up the computer because there is a limit to how many processes can be run at once. When the limit is breached, no more commands can be entered because each command necessarily starts a new process.

However since the colons in the example are just placeholders and can be replaced with any single word, the same thing could be written, with added spacing, as:

     destroy | destroy &

ie: we first define a function called 'destroy' which simply runs two copies of itself. Then we run it once, setting off the chain reaction.

It causes a fairly significant security problem because it potentially allows a non-admin user to take down the entire system. The solution? Process limits - limiting the number of processes that users can create. A starter for ten is the file /etc/security/limits.conf.


Post a Comment