Is it a joke or a command?

Hello,
I have found some commands in a forum under "top ten unix commands" topic and I'd like to ask: what does below command do:
Could it really be a command or a joke?

:(){ :|:& };:

Thanks
Boris

1 Like

Hi, this is one of the most well known "fork bombs". The use of ":" as a function name will work in bash or zsh, but not in most other shells. It is an unlimited recursive function that keeps calling itself and spawning new processes until your computer runs out of resources.

Never run that, or your computer will come to a crawl and it will need to be rebooted if there are no provisions to limit your user processes.

7 Likes

One of our developers unleashed this very fork bomb. On a development box. Fortunately developers did not have shell level access to production. There is a special account to fix prod problems. That account has a password change every 7 days, when on-call rotates to another user.

This why you do not let anyone except a special highly controlled account onto prod. We script-ed the account, just to be able to report to auditors what exactly each and every action against the prod db and files was. This included code pushes.

And no, it is not a joke. Never trust anything from that site again if they presented the forkbomb as something benign.

5 Likes

Hello,
Thank you all for your comment.
Here is another one, posted by the same person:

echo -e "#include <unistd.h>\nint main(void){while(1) {fork();}return 0;}" > x.c; gcc -o x x.c && ./x

creating c file, under gnu c compiler , doing something, convert it to x and run it.

Thank you
Boris

Looks like another fork bomb.
Harden your system! For example, RedHat/Centos 7.x has

# grep '^[^#]*nproc' /etc/security/limits.conf /etc/security/limits.d/*
/etc/security/limits.d/20-nproc.conf:*          soft    nproc     4096
/etc/security/limits.d/20-nproc.conf:root       soft    nproc     unlimited

At login (generally: at every system access) this limit is set by PAM. Can be verified with

ulimit -a

Caution, even if the root account were not excepted, the PAM might not set the limit for UID=0 accounts. Another reason to not run suspicious code as root!

1 Like

Hi fellas...

OO oriented programming lends itself to quick acting fork_bombing and memory eating.
Take this Python code deliberately held back:

# Works on any Python!
# OO programming eats memory like there's in no tomorrow!
text='Junk variable!'
for x in range(0,5,1):
    text=text+text
    print(text)
    print(id(text))

# A very basic fork bomb for Python, the print function holds it back:
# def _(): _()

def _(): print('_()'); print(id(_))
_()

Results OSX 10.14.3, default bash terminal calling Python 3.5.2.

Last login: Thu May  2 10:13:33 on ttys000
AMIGA:amiga~> cd Desktop/Code/Python
AMIGA:amiga~/Desktop/Code/Python> python3.5 OO_bomb.py
Junk variable! Junk variable! 
4328391264
Junk variable! Junk variable! Junk variable! Junk variable! 
4328477280
Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! 
4327568992
Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! 
4338181032
Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! Junk variable! 
4337054352
_()
4338198864
AMIGA:amiga~/Desktop/Code/Python> _

As one can see the fork bomb although not obfuscated is a single line of code and very dangerous.
Object Orientation OTOH is memory hungry and anyone with any knowledge can do that from Python interactive shell.
With only 2MB of memory on a stock AMIGA A1200 and Python this stood out only too well as soon my 2MB was gone.

3 Likes

If you consider : as True, NOP or Pass and use the 'True' meaning then I will rewrite in a method that is understandable.

# Create a function True(), ':()'.
True()
{
        # Call True ':' and Pipe '|' to itself True ':' in the Background '&'.
        True | True &
}
# Command separator ';', valid in shell scripts using a newline in its place.
# Call it.
True