What does this cryptic Bash command mean?

Question

I was reading Ubuntu Forum's warning about malicious commands and found this interesting gem:

:(){ :|:& };:

(WARNING: The above code will crash your machine unless you have strict proc limits in place—which you probably don't—prompting a hard restart.)

But what does that mean? Even with my programming experience I've never seen a command that cryptic that's not assembly language.

score 44 · Accepted Answer · edited Sep 20 '11 at 08:22

It's, as you said, a forkbomb. What it does is define a function, then call it. The function is called :.

Let's name it forkbomb so we can better see what's going on:

forkbomb(){ forkbomb|forkbomb& };forkbomb

As you can see, and probably guess from your programming experience, the first part is the function definition (forkbomb(){ ... }), and the very last : is where the function gets called (the ; just separates statements in Bash).

Now, what does this function do? If you're familiar with Bash, you'll know that the | character pipes the standard output of one command/program to the standard input of another. So basically, :|: starts up two instances of the function (this is where it "forks").

And then the magic: the & puts those commands in the background, allowing the original function to return, while each instance forks 'til the cows come home in the background, thus using up all your resources and taking down the system (unless it has limits imposed on it).

score 10 · Answer 2 · edited Sep 20 '11 at 07:55

Taken from the Wikipedia article Forkbomb:

:()      # define ':' -- whenever we say ':', do this:
{        # beginning of what to do when we say ':'
    :    # load another copy of the ':' function into memory...
    |    # ...and pipe its output to...
    :    # ...another copy of ':' function, which has to be loaded into memory
         # (therefore, ':|:' simply gets two copies of ':' loaded whenever ':' is called)
    &    # disown the functions -- if the first ':' is killed,
         #     all of the functions that it has started should NOT be auto-killed
}        # end of what to do when we say ':'
;        # Having defined ':', we should now...
:        # ...call ':', initiating a chain-reaction: each ':' will start two more.

score 7 · Answer 3 · answered Jul 23 '10 at 04:42

Broken down:

: () // Define ':' as a function. When you type ':' do the following
{
    : // Call ':' 
    | // Redirect output
    : // Into ':'
    & // Push process to the background
}; // End of ':' def
: // Now do ':'

Change : to bomb and you have:

bomb(){ bomb|bomb& };bomb

It's really quite elegant.

Farzana Riyaz · Answer 4 · 2022-07-16T08:41:51.067

In Javascript, a fork bomb is

function :() {
  :();
  :();
}
:();

That function : was a fork bomb, and it was named that because it had to be similar to the bash command. The original assembly code was :(){:|:&}:. I converted this to Javascript by first converting : to :(); (the : at the start excepted because it was a name for the declared function) and removing the | and & characters, and then converting the :(){:();:();} to the following:

function :() {
  :();
  :();
}

and finally converting the : at the end to :();.

What does this cryptic Bash command mean?

4 Answers4

Linked

Related