Linux Fork Bomb: The Self-Replicating Shellshock
💀 The Fork Bomb 🍴💣
:(){ :|:& };:
One of the most infamous lines ever to grace a terminal. A minimalist masterpiece. A denial-of-service wormhole. It’s a digital pipe bomb made of nothing but bash syntax and recursion.
🚨 Warning: Running this will freeze or crash your system. Don’t try it unless you’re in a secure VM or container.
🧠 So… What Is It?
A fork bomb is a denial-of-service (DoS) attack — not by brute force, but by replication. It rapidly spawns processes to the point that the system runs out of available PIDs (process identifiers) and becomes unresponsive.
Let’s break it down:
:(){ :|:& };:
| Part | Meaning | |
|---|---|---|
:() |
Defines a function named : — yep, valid but cryptic |
|
| `{ : | :& };` | Function body: call itself and pipe output to another call, in the background |
: |
Call itself to kick things off |
🔀 What Happens?
-
:is defined as a function that: -
Calls itself (
:) - Pipes (
|) its output to another call of itself - Backgrounds the whole thing (
&) - When
:is executed, it spawns two new instances of itself (via the pipe). - Each of those spawns two more...
This is exponential growth, choom. Within seconds, you’ve got hundreds of processes competing for CPU, RAM, and kernel-level PID slots.
🛡️ Defending Against It
- Limit user processes:
# /etc/security/limits.conf
* hard nproc 100
- Control with
systemd:
[Service]
LimitNPROC=128
- Contain it in a sandbox/VM. Never trust random shell one‑liners.
🕷️ Retro Hacker Lore
Back in the BBS and early IRC days, this kind of stunt was legendary. Paste it in chat, watch unsuspecting sysops melt. It’s the hacker equivalent of handing someone a cursed floppy.
🧪 Fork Bomb Variants
C-style
int main() { while(1) fork(); }
Python
import os
while True:
os.fork()
📝 Final Thoughts from NovaNet
The fork bomb is art. It's also a warning. A few bytes of code can cripple an entire system — and that’s why we study it. Stay sharp, choom.
Ghosted in the Shellcode. Kei Nova out.