Tag Archives: fork

Fork Bomb

How does bash fork bomb :(){ :|:& };: work

The fork bomb is kind of DOS (denial-of-service) attack on system. It attacks the system by consuming all resources. It makes use of the fork operation, that is why it is called as fork bomb.

Here is the bash version of fork bomb

:(){ :|:& };:

It is nothing more than bash function definition and calling it recursively to consume all system resources. We can also write this fork bomb in different programming languages like python. It creates endless number of processes to consumes all system resources.

WARNING!   These examples may crash your system. Please don’t try it on production machines or in your libraries or on your machine. If you want to test. Try it executing in Virtual Machine 


Once the fork bomb is successfully executed on system it may not be possible to bring system back into normal state with out restarting it.

Break down of bash fork bomb :(){ :|:& };:

Bash fork bomb

:(){ :|:& };:

Here is elaborated  version of bash fork bomb,



 :()  –  is formal bash function definition. That is, we created a function named as : (colon).  We are calling the same function recursively twice in side function definition.

:|:   –  This function is getting called itself and piping output to another function call using |.  This is programming technique recursion nothing but a process of calling function itself.

& –   This thing will put the process execution to background

;   –   Termination of function definition

:   –    Calling the defined function (:). It initiates the fork bomb. With out this thing fork bomb won’t get started.

Here is human readable version of bash fork bomb. Probably it might make sense,

fbomb(){ fbomb | fbomb &}; fbomb

That is,

fbomb() {
 fbomb | fbomb &
}; fbomb

This fork bomb is some times used by system administrators to test process limits of user. You can save the system from crashing by setting process limits. These process limits can be changed using command ulimit  or these limits can configured  at /etc/security/limits.conf and PAM.  Process limits can be configured per user also.
If you set process limits to any process, all child processes will inherit those limits.

Well configured system would not go down when fork  bomb is initiated.

To query all existing limit try the following command.

ulimit -a

$ ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 31463
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 31463
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

You can try executing fork bomb by reducing these limits. So, once these limits are hit, kernel will impose a restriction over creating new processes, this is how you can protect the system from crashing  because these kind DOS attacks.

You can run the fork bomb by reducing max user process limits

ulimit -u 100

$ ulimit -u 100
$ :(){ :|:& };:


$ ulimit -u 100
$ :(){ :|:& };:
bash: fork: retry: No child processes
bash: fork: retry: No child processes
bash: fork: retry: No child processes
bash: fork: retry: No child processes
bash: fork: Resource temporarily unavailable

As there is restriction over creating endless processes your system won’t go down or no need to restart to resume normal operation.