someone just ran :(){ :|:& };: on production

  • 4
    The production server got forked
  • 10
    And why wasn't /etc/security/limits not set in production of all places? 😂
  • 4
    Did you had to restart a container to fix it?
  • 1
    What would this do? Noob here
  • 19
    @DeepHotel it's a fun little script, anyone that hasn't done it should go now and run it on their prod servers.

    🪑🍿 📺
  • 20

    It's commonly called a fork bomb.

    The syntax looks weird, but basically it defines a function ":", that calls (and pipes into, for double fun) itself in the background.

    Once the definition is done ";", it calls itself, ":" (functions in bash do not use () for calling).

    Then it will start forking itself into new processes until it exhausts all available PID (and other critical resources), at which point it'll be hard to regain control of the system because your very terminal will become irresponsive to kill it.
  • 6
    @CoreFusionX very informative, thanks!
  • 1
    Is this same as shellshock ? 🤔
  • 3

    No. Shellshock was a family of vulnerabilities discovered in bash that would allow for remote code execution, DoS and others, and were patched.

    This is just someone shooting themselves in the foot because bash allows you to, no different than doing a while(true) busy loop or a stack overflow by calling an infinitely recursive function.
  • 1
    I mean you can allways say that they were doing scalability tests or some sh...

    Why it wasnt limited tho lmao
  • 0
    @CoreFusionX sounds like a recipe for when you want to quit your job and burn bridges on the way out
  • 0

    I'd be wary about that.

    Even if production wasn't secured against it, it still counts as a DoS attempt, which is grounds not only for termination (obviously) but damages liability.
Add Comment