The Bash command :(){ :|:& };: will spawn processes to kernel death. Can you explain the syntax?

:(){ :|:& };:

...defines a function named :, which spawns itself (twice, one pipes into the other), and backgrounds itself.

With line breaks:

:()
{
    :|:&
};
:

Renaming the : function to forkbomb:

forkbomb()
{
    forkbomb | forkbomb &
};
forkbomb

You can prevent such attacks by using ulimit to limit the number of processes-per-user:

$ ulimit -u 50
$ :(){ :|:& };:
-bash: fork: Resource temporarily unavailable
$

More permanently, you can use /etc/security/limits.conf (on Debian and others, at least), for example:

* hard nproc 50

Of course, that means you can only run 50 processes; you may want to increase this depending on what the machine is doing!
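
An added example (not part of the original answer): a Bash function that reads a limits.conf-style file and reports the hard nproc limit it gives one user, which is the setting the mitigation above depends on. The function name, the user names and the sample file are constructed for illustration; @group, %group and uid-range entries are not handled.

```shell
#!/usr/bin/env bash
# Resolve the hard nproc limit a limits.conf-style file assigns to one user.
# Reads the file on stdin; prints a number, "unlimited", or "unset".
effective_hard_nproc() {
    awk -v user="$1" '
        { sub(/#.*/, "") }                    # strip comments
        NF != 4 || $3 != "nproc" { next }     # expect: domain type item value
        $2 != "hard" && $2 != "-" { next }    # "-" sets both soft and hard
        {
            v = $4
            if (v == "unlimited" || v == "infinity" || v == "-1") v = "unlimited"
            # A user entry beats the wildcard. Wildcard entries are not applied
            # to root (limits.conf(5)). Among entries of the same kind the later
            # line wins here (assumed to match pam_limits ordering).
            if ($1 == user) by_user = v
            else if ($1 == "*" && user != "root") by_wild = v
        }
        END {
            if (by_user != "") print by_user
            else if (by_wild != "") print by_wild
            else print "unset"
        }'
}

# Constructed sample input; only the "* hard nproc 50" line comes from the page.
SAMPLE_LIMITS='# limits.conf-style sample
*        hard  nproc  50
*        soft  nproc  30         # soft only, so it does not cap anything
builder  -     nproc  400        # "-" means soft and hard
ci       hard  nproc  unlimited
root     hard  nproc  2000'

for u in alice builder ci root; do
    printf '%-8s %s\n' "$u" \
        "$(printf '%s\n' "$SAMPLE_LIMITS" | effective_hard_nproc "$u")"
done

# What the current shell actually enforces, for comparison.
printf 'this shell: soft=%s hard=%s\n' "$(ulimit -S -u)" "$(ulimit -H -u)"
```

An account that resolves to "unset" or "unlimited" is not protected by the file; a file containing only the wildcard line leaves root in that state.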


That defines a function called : which calls itself twice (Code: : | :). It does that in the background (&). After the ; the function definition is done and the function : gets started.

So every instance of : starts two new : and so on... Like a binary tree of processes...

Written in plain C that is:

fork();
fork();

Tags: Linux, Bash