Talk:Fork bomb

From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Computing / Security (Rated Start-class)
WikiProject icon This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 ???  This article has not yet received a rating on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computer Security.
 

:(){ :|:& };:[edit]

Hi. I'm the one who published the Forkbomb SHELL code :(){ :|:& };: as a work of art in 2002. My artwork used to be quoted in this article, as an example which is still there. A few months ago this reference was deleted and I asked the one who deleted why. Here is the discussion (update! now even the discussion has been deleted!). Anyway, I'm looking forward to read your opinions on art :^) And I hope I won't be removed from this little part of Internet history, that forkbomb was a source of inspiration for this article. ciao jaromil (talk) 00:17, 28 October 2012 (UTC)

please ignore my message above since the whole section on forkbombs (IMHO the most entertaining part of this article), has just been deleted, including the quote of my artwork. All hail deletionism! ciao jaromil (talk) 18:04, 3 November 2012 (UTC)

Are you seriously claiming ownership of a simplistic bash command line under the guise of art? Really? 71.92.36.147 (talk) 07:47, 8 November 2012 (UTC)

I'm not "claiming ownership" in any way, I've only asked to be fairly quoted as I did present that forkbomb as a work of art. I cannot claim any more ownership on it than Andy Warhol could have done on Campbell soup cans. jaromil (talk) 17:11, 26 February 2013 (UTC)

Following recent edits, I'd like to thank the editors involved for restoring a whole lot of information that was present on this article and deleted without much discussion. Regarding the "elegant" definition of the :(){ :|:& };: forkbomb, here is the statement of a well known art critic and computational linguist http://runme.org/feature/read/+forkbombsh/+47/ among other awards and reviews. This runme link was what is now a missing reference resulting from the deletion. ciao jaromil (talk) 13:38, 7 March 2013 (UTC)

Removed wording suggesting Jaromil invented this snippet. It has been shown in numerous sources that this has existed long before he supposedly came up with it. He may have independently came up with it without having knowledge of it prior, but is no reason to credit him as the creator. http://www.oocities.org/f173s/sendmail-8_8_x-8_9_x.txt https://groups.google.com/forum/?hl=en&fromgroups#!topic/muc.lists.bugtraq/CH1RVi3TWZo 65.5.176.229 (talk) 16:45, 7 March 2013 (UTC)

Who displayed what for whatever is irrelevant to the topic of this page. Citing the bash fork bomb as being displayed as art once upon a time doesn't belong here. I have removed the reference. 75.131.26.156 (talk) 04:45, 9 March 2013 (UTC)

Then why list that forkbomb as first? I argue because it is *elegant* as is, defined as such by art critics (reference available, but deleted!). I find the fact that a forkbomb can be an artwork and can be defined elegant as *relevant* to this article. I'm also very tired of arguing against IP numbers, all the people that have advocated this act of deletionism are not wikipedia editors nor have signed themselves. jaromil (talk) 05:17, 22 June 2013 (UTC)

Beware Wikipedia editors: this page is being targeted by deletionism. The page recent history will show several unsigned interventions aimed at deleting content and omitting historical information. jaromil (talk) 09:54, 12 April 2013 (UTC)

Removed reference to it being 'art' at some event once more; IT DOESN'T BELONG! Stop adding it. 68.114.46.33 (talk) —Preceding undated comment added 22:12, 24 June 2013 (UTC)

I did not added it in the first place, its deletion is not being debated here and you are insisting to vandalize the article from an unregistered IP. Please argue why it doesn't belong. I'm not self-promoting, I'm defending factual information that was added on the article and is being vandalized from unknown ip addresses. jaromil (talk) 11:01, 30 June 2013 (UTC)

Please stop edit warring over this sentence! Jaromil, I've reworded the bit about the artwork and added a reference, but dropped your name; if an uninvolved party feels that the name should be included they're welcome to put it back in. IP addresses, I personally believe that the possibility that fork bombs could be regarded as art merits inclusion in the article, but I'm open to other opinions. — Wolfgang42 (talk) 17:35, 1 July 2013 (UTC)

Thanks for your mediation Wolfgang. As you can see from the history, this article has been targeted by random ips deleting its content, even the whole section about different forkbombs, while I've not been the only one trying to defend it so far. Regarding the specific artwork quote, your solution is good. jaromil (talk) 13:27, 5 July 2013 (UTC)
Actually one more thing: the correct reference for the artwork is this link http://runme.org/project/+forkbombsh/ . Runme is an online exhibition of software art and has academic accreditation in several publications, while it quotes comments of art critics and links catalogues. I suggest to use that as a reference rather than a blog article. jaromil (talk) 13:31, 5 July 2013 (UTC)
I added it, but also kept the twinfish citation since they each contain different information. — Wolfgang42 (talk) 19:53, 5 July 2013 (UTC)

I think the example should be removed entirely due to the fact that it cannot work as intended in any POSIX-compliant shell, including Bash's POSIX mode. It isn't technically valid shell code, and can only work due to quirks specific to Bash's non-POSIX mode, and in Zsh due to it having the right combination of bugs. I covered the problem in more detail in this article a while ago. Aside from the reserved function name, it isn't the most effective implementation. The `&` is just shooting yourself in the foot because the caller now doesn't need to wait for the subshell functions to return and is free to exit immediately, thus the second function call isn't accomplishing anything other than the net effect of replacing the caller, so this is not exponential growth. Also, the pipeline slows down the calls by making unnecessary system calls to set up the pipe and redirect I/O between processes that never read or write anything. This fork bomb could be "improved" using something like: `f() { f & f; };` or `f() { f & f & wait; };`. Ormaaj (talk) 09:49, 23 May 2014 (UTC)

Java Applet example[edit]

I do not think the Java Applet example is a fork bomb: 1) It does not spawn processes. 2) Even if you are liberal and define a "new thread" to count as a "new process", this example's new threads do not spawn new threads themselves, which is the signature "forking" element of the fork bomb. It is my opinion that this example is designed to deny CPU cycles rather than deny process table entries and/or thread handles. I intend to remove this example in a month or so, unless someone can convince me that this code really does represent a fork bomb. -MC (talk) 05:01, 24 July 2010 (UTC)

On Windows with older VM's new processes are spawned as opposed to threads. I'll change the example to its modern equivalent this week as the example is now outdated. You are correct in assuming that on some hosts it may act as a local DOS on the CPU. KingOverload (talk) 07:11, 10 August 2010 (UTC)
A larger issue is that the program doesn't actually exhibit forking behavior, which is a key element of a fork bomb. When a fork bomb spawns a new process/thread, that new process/thread should spawn a new process/thread, and etc. In this example, the spawned threads do not spawn new threads, but rather sit in a tight loop (presumably to achieve CPU starvation as quickly as possible.) I understand that introducing forking to the example quickly leads to OutOfMemoryExceptions, which makes the example ineffectual as an denial of service attack. However, if I had to choose between two examples: one exhibits correct forkbombing logic, but does not effectively deny service, and the another that effectively denies service but that has pseudo-forkbomb logic, I would opt for correctness of fork bomb logic over effectiveness of denial of service. -MC (talk) 03:12, 14 August 2010 (UTC)


Can anyone prevent a fork bomb in windows? If so please put it on the main page —Preceding unsigned comment added by 79.97.217.123 (talk) 00:10, 28 November 2008 (UTC)


I got here from wabbit but this is not explained. Can someone please do so! --HappyDog 17:12, 31 Jan 2004 (UTC)

Fixed. Better late than never :) Sietse 12:47, 28 Sep 2004 (UTC)
The fork bomb in windows batch file made my computer crash, very interesting. I don't know how it works though should that be added? Jasonxu98 (talk) 00:28, 10 November 2010 (UTC)

Why the "%0|%0" windows example was removed (by Andrew Hampe)? Is it not the most concise example for the windows platform and worth including? --LKRaider (talk) 12:41, 10 December 2007 (UTC)

Yo right, it's back... --213.220.241.158 (talk) 15:14, 17 January 2008 (UTC)
It's not necessary to make the fork bomb work, so why is it there? Skootles (talk) 02:47, 4 January 2009 (UTC)
And as Windows (DOS) processes pipes single-threadedly, the remainder of the pipe waiting for the previous processes to exit before launching the next step, "%0|%0" will actually only have a single thread running at any time. 131.207.223.232 (talk) 06:44, 11 March 2009 (UTC)
That's not exactly true. "%0|%0" has entirely different effects on DOS and Windows. DOS is a single task operating system - basically it's always running one thread, the operating system by itself doesn't implement any scheduling. On DOS, "%0|%0" does what you said, it just puts the computer in a single-thread infinite loop. On Windows, however, "%0|%0" really implements a fork bomb, because the OS executes the 2 commands simultaneously; the 2nd process will be only suspended, if it tries to read from the standard input, while the 1st process haven't produced any standard output yet. For a proof, type: "notepad | notepad" - two Notepads will open at a time, and both will be fully operational. If you were right, the 2nd Notepad should only open after the 1st one gets closed.
Anyway, the DOS example should be really removed, because fork bombs only work on OS-es those implement at least preemptive multitasking. --MegaBrutal (talk) 18:02, 12 January 2011 (UTC)



Why do you include two versions in perl? Both of them are in fact the same. 89.77.174.218 (talk) 09:40, 27 February 2008 (UTC)


Article mentions that bash fork bomb was created by Jaromil in 2002. I was able to find posts of a polish white hat - lcamtuf from 1999 in usenet, in which he had this fork bomb in his signature. Necc (talk) 17:25, 13 March 2008 (UTC)

If you can cite a source of this update the page ;) You might want to tell Jaromil too! - MattOates (Ulti) (talk) 18:54, 13 March 2008 (UTC)

It doesn't say that he came up with that piece of code. I just remember him having it a long time ago before apparently it was invented :] Here's an example, although you can find it in most of his emails from that period: http://groups.google.co.uk/group/muc.lists.bugtraq/browse_thread/thread/87d51562dd3599a/044c5404a9860dd4 Necc (talk) 20:12, 17 March 2008 (UTC)

Hi there its interesting to note that the forkbomb circulated before I've published it as an art-piece and I love to acknowledge that whenever I'm presenting it, however after a recent edit that whole lot of story about this forkbomb getting into the art-scene has disappeared http://en.wikipedia.org/w/index.php?title=Fork_bomb&diff=478538756&oldid=478067768 I think this is sad, I've always found it relevant to inform people that code can also be art and poetry and this way there is no more trace of this rather unique episode. also the articles on Software art and Net art are not mentioning it. As an artist I kindly ask to be quoted when my artwork is presented, nevertheless thats not a requirement for you here. so well, do as you like, I'm enough of a target on my page being called autobiography all the way, just sayin'. thanks, ciao jaromil (talk) 16:53, 25 July 2012 (UTC)

The Erlang fork bomb should be removed; the processes created by Erlang are restrained to the virtual machine and only dispatched and load balanced by the VM itself. They're NOT OS level threads. Hitting the limit of Erlang processes will thus only crash the Erlang VM and will not influence anything else. I believe the example should be removed, as it's misleading and doesn't fit the definition. —Preceding unsigned comment added by Mononcqc (talkcontribs) 16:35, 19 April 2009 (UTC)

The bash fork bomb cure does not work...[edit]

I tried it both before and after fork bombing. It just says: -bash: !: event not found

One of the examples under the defuse section is just completely wrong. The dot (.) command does NOT "call the current directory", it's an alias for the built-in "source" command. Seriously, people should test these examples. Also, people who haven't got a clue should avoid making things up in their haste to appear smart.

What is actually the '!'? —Preceding unsigned comment added by Ehasl (talkcontribs) 20:11, 25 April 2008 (UTC)

The syntax "&!" in zsh disowns (i.e., avoids job control) on the new child process. This is necessary to avoid overflowing the shell's job control tables. With bash, you can use "... & disown" instead.


Getting rid of a forkbomb on Linux systems even if the process table is full is possible. 1. Press Ctrl+Alt+F1. After a while you should see the login: prompt (if something else is there use Ctrl+Alt+F2 etc until you find one) 2. Login as root. Once again, this might take awhile 3. Issue kill -9 -1. This might take a while again but once it is done, the forkbomb is dead, as is everything else 4. issue init 1 followed by init 5 to restart system services —Preceding unsigned comment added by 64.139.38.226 (talk) 23:22, 11 August 2008 (UTC)

While a forkbomb is running[edit]

Should Wikipedia include what errors, etc. come up during a fork bomb? IE: Windows Command Line in Vista states that "The process tried to write to a nonexistent pipe." This usually occurs late in the fork bomb. 24.183.100.243 (talk) 02:24, 20 January 2009 (UTC)

Neither it works in Windows 7 also:

C:\Users\Dyr>:s C:\Users\Dyr>start %0
Не удается найти файл %0.

C:\Users\Dyr>goto :s

C:\Users\Dyr>%0|%0
"%0" не является внутренней или внешней командой, исполняемой программой или пакетным файлом.

C:\Users\Dyr>
--217.119.16.26 (talk) 12:21, 6 April 2010 (UTC)

This doesn't apply to Windows at all. Get a real OS. — Preceding unsigned comment added by 217.42.5.13 (talk) 06:45, 12 March 2012 (UTC)

claiming Windows is not a real operating system? baka, windows is a very real and very popular OS; anyway, this DOES apply to windows 7, you just need it to run as a .bat file ^^ save %0|%0 in a .bat file, and run it, then open taskmgr.exe .. luckily you can easily "defuse the bomb" by spamming the X button on the batch window ^^ Divinity76 (talk) 12:45, 5 February 2014 (UTC)

How-to tagging[edit]

Removed the how-to tag, these are elegant examples that aid description, programming is about instruction it is an unavoidable consequence that this resembles a how to. You would not stigmatise an arts page as how-to because they have a gallery of examples. I agree its got a bit out of hand on this page with the fanboy attitude of adding every language under the sun :S but deciding what languages are significant is another story. MattOates (Ulti) (talk) 08:04, 3 June 2009 (UTC)

Why are examples included[edit]

I know that Fork Bombs are relatively harmless since they can be terminated through a log off, or a reboot, but is it really a good thing to produce so many examples of them on this one page. It just seems like any sort of malicious code, virus, or bomb should not be posted in a place like this. 143.112.32.4 (talk) 20:53, 5 January 2010 (UTC)

i agree what if terrist git this kode and bomb murrica!!!! —Preceding unsigned comment added by 86.42.170.162 (talk) 19:45, 12 February 2010 (UTC)

The NASM assembly example[edit]

Why do you push and pop from the stack? Isn't this better?

section .text

global _start

_start:

mov eax,2
int 0x80
jmp _start

? —Preceding unsigned comment added by 85.167.25.91 (talk) 14:51, 2 July 2010 (UTC)

Memory hogging?[edit]

Don't most fork bombs allocate each process memory with Malloc or whatever language specific memory allocation function that language uses? So shouldn't the C/C++ examples malloc themselves, I don't know, 100 MB?Mmavipc (talk) 05:55, 2 September 2010 (UTC)

I removed most of the stuff about this since pretty much every operating system implementation uses copy on write nowadays. Cdwn (talk) 14:43, 26 September 2012 (UTC)

bash broke the classic bomb[edit]

The classic ":(){ :|:& };:" bomb doesn't seem to work on newer bash versions anymore - it gives a syntax error. --187.15.115.138 (talk) 18:10, 25 September 2010 (UTC)

':' is a Bash builtin synonymous to true. That definition overrides it (though you can still access it with "command"). Not sure why you would pick : as the function name but it probably isn't a very good idea. For some reason that name is the canonical definition for this recursive forkbomb but might break on some configurations. Ormaaj (talk) 22:56, 3 February 2011 (UTC)
: is not synonymous with true, it is a noop that just happens to return true. Cdwn (talk) 02:35, 19 September 2012 (UTC)
Please see man true. true is a command, which always returns exit code 0 (success). : is a builtin doing exactly the same. Nyh (talk) 21:38, 20 September 2012 (UTC)
If you are using bash, the manual page does not document the version of true that you are probably using, as true is also a shell builtin. Compare strace bash -c : and strace bash -c true; they do not perform the same internally. Either way, my intention was only to correct a factual inaccuracy, not engage in pedantry over function vs. form (or the meaning of what it is to be "synonymous"...). Cdwn (talk) 14:22, 26 September 2012 (UTC)

Minor[edit]

I removed the M forkbomb, because it was wrong. A real one would look like this:

f f j f

but I think that the whole examples section is OR, so I'm just going to leave it out. 24.177.120.138 (talk) 07:50, 17 April 2011 (UTC)

The Lisp version is single threaded[edit]

And it should probably be referred to as common lisp, rather than just lisp. It can't be made multi-threaded, let alone multi-process, as forking and threading are undefined in the standard. Maybe it should be deleted or changed to an implementation dependent version? —Preceding unsigned comment added by 138.37.91.30 (talk) 16:14, 26 April 2011 (UTC)

ABAP Version[edit]

ABAP Version was just an infinite loop and not a fork bomb. Given the fixed number of process slots Netweaver has with a roll-in/roll-out mechanism a forkbomb does not quite make sense - it would not bring the system completely to its knees, it would just drastically degrade performance. I guess a semi fork-bomb can be made using CALL FUNCTION .. IN BACKGROUND TASK. — Preceding unsigned comment added by 41.185.97.170 (talk) 09:07, 22 September 2011 (UTC)

"In general C++..."[edit]

I will be editing this because it doesn't use any functions or syntax specific to C++, and also it uses the C standard library to actually use the system() function. Also, I have general issues with it: I'm not sure it's a proper fork bomb as it consumes one thread and only one of the processes is using the CPU; all the others appear to be idle. None daemonise from the calling shell. --Adamd1008 (talk) 18:14, 7 October 2011 (UTC)

Defusing: Citation needed[edit]

Apparently, in testing on twelve different systems here (old systems i didnt mind imploding), defusing the fork bomb as mentioned in the section where the fork bomb is this:

:(){ :|: & };:

does not work. This was posed as a solution:

:(){ . & };

***This does not work***. -- TrekCaptainUSA (without login, due to a bug in the web browser being used)

Misleading graphic[edit]

The graphic in the intro doesn't represent a canonical fork bomb properly, it represents one using wait(), which doesn't make any sense. The graphic should probably be fixed to actually represent what a canonical fork bomb looks like. Cdwn (talk) 02:33, 19 September 2012 (UTC)

Actually, it doesn't even look like one using wait()... if the intention is to demonstrate the exponential nature of a fork bomb, this is a good graphic, but in terms of actual accuracy it is somewhat lacking. Cdwn (talk) 04:35, 27 September 2012 (UTC)

Removing/making examples section more terse[edit]

Is it really a good idea to have a vast "examples" section? I see them only in other articles that describe features that are programming language related, but a fork bomb is not a programming feature, it's a computing phenomena. If there are no objections, I would seek to remove it, and replace it with descriptive pseudocode. Cdwn (talk) 14:34, 26 September 2012 (UTC)

I've removed the section in question and replaced it with generalised implementation details. Cdwn (talk) 03:31, 27 September 2012 (UTC)
I very much think it is a mistake to remove all of the examples. An encyclopedia should be able to cite real world examples, and you have removed those from the page. I see no reason to believe that providing real examples is any way detrimental to this page. There is no reason to censor information. 76.247.159.59 (talk) —Preceding undated comment added 18:10, 14 November 2012 (UTC)

Original research in "Defusing" section[edit]

The whole "Defusing" section appears to be original research. I'll try and find some references and clean it up, but otherwise failing that I'll just remove it. Cdwn (talk) 14:46, 26 September 2012 (UTC)

I've removed it. Cdwn (talk) 18:29, 27 September 2012 (UTC)

Prevention section is highly Unix-biased[edit]

Ideally there should also be information about fork bomb prevention on other common systems (Windows in particular). I didn't find any good references on the subject after a quick skim, but I'll keep on looking. Cdwn (talk) 18:30, 27 September 2012 (UTC)


Comment from user[edit]

well done for messing up a good page from a user. you are so fail. — Preceding unsigned comment added by 86.148.12.80 (talk) 15:05, 1 October 2012 (UTC)

Assuming that you're talking to me, since I have been the only one working on this article in the past few weeks. I can only apologise if what I've done has in your view detracted from the quality of the article. This has been my first "serious" attempt at editing on Wikipedia in a long time, so it is entirely possible that I may have missed a few things or got some things wrong. There was quite a large amount of unreferenced content, and after a lot of searching I couldn't find any references for them, so one of the major things that I have done is removed large quantities of unreferenced original research; perhaps this is what you're referring to. If you can find some reliable references for the content, I would highly encourage you to readd the content with those attached. Otherwise, if it was something else that I did which negatively impacted on your view of this article, please let me know and I'll do my best to rectify it where possible. — cdwn 20:36, 4 October 2012 (UTC)

Readdition of unreferenced "defusal" section[edit]

A few weeks ago, I removed unreferenced content in the form of a "defusal" section in the article (see here). This content was today readded by another editor. Does my original removal under WP:OR seem appropriate? Would there be further objections to the re-removal of the content? — cdwn 23:05, 15 October 2012 (UTC)


I re-added the information because it contains data I've used in the past to fiddle about with forkbombs. I've never personally succeeded in defusing one myself, so I suppose I could open up a virtual machine and test it out, but if personal research is really going to be removed from wikipedia I guess there really is no point in doing so. — Preceding unsigned comment added by 74.195.36.241 (talk) 02:52, 17 October 2012 (UTC)

Original research is not permitted by Wikipedia policy. That is the reason that I removed it in the first place. — cdwn 12:05, 29 October 2012 (UTC)
cdwn's message above is true and completely correct in this instance. If he wishes to remove it now then I'd agree with the removal. gwickwire | Leave a message 22:22, 1 November 2012 (UTC)

Portability: Works on Cygwin![edit]

Feel free to add this "finding" to the article if you think it belongs there - in a more encyclopaedic format obviously.

While compiling stuff on a remote server, I got really bored. Long story short - the bash forkbomb from this article works very nicely on Windows in Cygwin.

Not only that, but Windows' equivalent to `killall` is quite weak at dealing with it. It kills some (but not all) of the forked processes on this Windows 7 machine (using "taskkill /f /im sh.exe"), so the "survivors" continue forking. I had to run the command almost a dozen times before it killed every last fork...

I didn't see the process count, but the handle count in task manager went from 25000 to around 80000 before I got the first kill order dispatched.

194.150.65.97 (talk) 03:16, 27 August 2014 (UTC)