Why did the command ":(){ :|: & };:" make my system lag so badly I had to reboot?


    Do not run this command to 'test' it unless you are prepared for a crash and/or force-rebooting your system.

    I was in my Virtualbox running 12.04 trying to compile an app, and while waiting I happened to chance upon a forum where a comment said:

    Try :(){ :|: & };:
    Fun, too, and doesn't need root.

    Without thinking, I ran it in my gnome-terminal. It made my 12.04(in Virtualbox) lag so badly, I had to shut it down.

    My question is what does this command do?

    :(){ :|: & };:

    "lag so badly" is pretty optimistic.

    `:(){ :|:& }&:` is worse on my system.

    So this script is written in linux shell language?

  • SuperMatt

    SuperMatt Correct answer

    8 years ago

    This is called a fork bomb.

    :() means you are defining a function called :

    {:|: &} means run the function : and send its output to the : function again and run that in the background.

    The ; is a command separator.

    : runs the function the first time.

    Essentially you are creating a function that calls itself twice every call and doesn't have any way to terminate itself. It will keep doubling up until you run out of system resources.

    Running in Virtualbox was quite sensible really otherwise you would have had to restart your pc.

    This answer seems to suggest that rebooting is the *only* recourse. But in fact this fork bomb can be killed without rebooting, and I’ve actually observed that it doesn’t work properly on some systems anyway (because their spawn limit is set sensibly).

    Actually, for a full explanation this should probably mention that `;` is a command separator. The `{ ... }` part is simply the content of the function.

    @MichaelKjörling +1 I didn't even understand the syntax until I took into consideration your comments.

    @SuperMatt I dont know if this question is still active, but anyway I wanted to know what does `|` and `&` do. I understand you have provided the working of the function but I wanted to do know what these two do

    @Noober if your still wondering (as am I in this black hole of terse and cryptic documentation that is linux) I know! | is a pipe it is put after a command to send that commands output as the input to the command that follows. & is a fork it creates a new thread for the preceding command leaving the current thread to continue executing more commands

    to build upon @flurbius' response and because it's mentioned in the answer: `&&` is a synchronous command which waits for the previous command to finish before executing the follow code. e.g. `mkdir new_directory && cd new_directory` will create a new directory and once finished will execute `cd new_directory`; If you were to do `mkdir new_directory & cd new_directory` you will get an error from the `cd` program (but the directory was created by `mkdir` but `cd` executed before `mkdir` could exit its processs ).

    and what does the ampersand do? written just after the colon function..

  • This is a so called fork bomb implemented in shell.

    from wikipedia:

    :(){ :|:& };:
    \_/| |||| ||\- ... the function ':', initiating a chain-reaction: each ':' will start    two more.
     | | |||| |\- Definition ends now, to be able to run ...
     | | |||| \- End of function-block
     | | |||\- disown the functions (make them a background process), so that the children    of a parent
     | | |||   will not be killed when the parent gets auto-killed
     | | ||\- ... another copy of the ':'-function, which has to be loaded into memory.
     | | ||   So, ':|:' simply loads two copies of the function, whenever ':' is called
     | | |\- ... and pipe its output to ...
     | | \- Load a copy of the function ':' into memory ...
     | \- Begin of function-definition
     \- Define the function ':' without any parameters '()' as follows:

    Although it's a tangential point and the term 'disown' may be overloaded, technically, a process put into the background is not disowned and can always be brought to the foreground with the 'fg' command, and the process(es) will terminate if the user logs out (if there are still resources available to accomplish a logout).... *unless* and until one runs 'disown' on the process or jobid. After that it is indeed disowned: logging out will not terminate and fg has no effect.

    Although it's only a minor point, the parentheses do not mean there are no parameters in bash-like shells, they are only decoration left over from C-style languages.

  • That command is a well known version of the fork bomb

    fork bomb pic from wikipedia

    It causes your computer to run out of memory by forking a process infinitely. There exist some safeguards you can use against it as well:

    Unix-type systems typically have a process-limit, controlled by a ulimit shell command or its successor, setrlimit. Linux kernels set and enforce the RLIMIT_NPROC rlimit ("resource limit") of a process. If a process tries to perform a fork and the user that owns that process already owns RLIMIT_NPROC processes, then the fork fails. Additionally, on Linux or *BSD, one can edit the pam_limits config file /etc/security/limits.conf to the same effect. However, not all distributions of Linux have the pam_limits module installed by default.

  • According to this :(){ :|: & };: is called

    Forkbomb is a kind of poetic virus creator

    ...The devious little program commands it to make multiple copies of itself, setting off a chain reaction and thus quickly exhausting the system’s resources...

    So advised not to run this, could cause damage to hardware since it causes loopwise execution, may cause heating easily in laptops.

    Another link explains through screen shots here.

    If a fork bomb causes **hardware damage**, then you have a much bigger and deeper problem.

    Maybe he was talking about a bomb with shape of fork that can explode near your PC ?

    The link for the screenshot is broken.

    If it causes hardware damage, that means it exposed a hardware problem that already existed. Like a laptop with blocked cooling fans or air channels. It just runs the machine at 100% load for a long time. (CPU, main memory and hard disk (assuming virtual memory) run at high load, and one of them is the limiting part running at 100%). That can happen in perfectly benign situations, like simulation software of many kinds.

  • It is called a “fork-bomb”, as explained above, and another way of doing this would be to use background execution rather than piping:

    :(){ :&:;};:

License under CC-BY-SA with attribution

Content dated before 6/26/2020 9:53 AM