Menu
A fork bomb (also known as a “rabbit virus”) is a denial of service (DoS) attack in which the fork system call is recursively used until all system resources execute a command. The system eventually becomes overloaded and is unable to respond to any input.
The fork bomb is a form of denial-of-service (DoS) attack against a Linux based system. Once a successful fork bomb has been activated in a system it may not be possible to resume normal operation without rebooting the system as the only solution to a fork bomb is to destroy all instances of it.
In computing, a fork bomb (also called rabbit virus or wabbit) is a denial-of-service attack wherein a process continually replicates itself to deplete available system resources, slowing down or crashing the system due to resource starvation.
A fork bomb will calls the fork function indefinitely and rapidly in no time, thus exhausting all system resources. It comes in the category of Denial of Service attack due to its nature of quickly ripping up system resources and making it unusable within a very short span of time.
Breaking it down, there are three big pieces:
:() # Defines a function, ":". It takes no arguments.
{ ... }; # The body of the function.
: # Invoke the function ":" that was just defined.
Inside the body, the function is invoked twice and the pipeline is backgrounded; each successive invocation on the processes spawns even more calls to ":". This leads rapidly to an explosive consumption in system resources, grinding things to a halt.
Note that invoking it once, infinitely recursing, wouldn't be good enough, since that would just lead to a stack overflow on the original process, which is messy but can be dealt with.
A more human-friendly version looks like this:
kablammo() { # Declaration
kablammo | kablammo& # The problematic body.
}; kablammo # End function definition; invoke function.
Edit: William's comment below was a better wording of what I said above, so I've edited to incorporate that suggestion.
Short answer:
The colon (":") becomes a function, so you are running the function piped to the function and putting it in the backgroun which means for every invocation of the function 2 copies of the function are invoked. Recursion takes hold.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With