In the name of Science

As a bit of a primer, let me just say that the phrase “fork bomb” is one of the most awesomest (yes, most awesomest) phrases (syntactically, grammatically, phonetically…ecumenically) that I have ever heard.  It just sounds badass.

Fork bomb.  Give the person who first uttered it a Snickers.

Anyway, during my usual banter-fest with an inferior life form known as “Charlie” (aka my former suitemate and one of my best friends who is currently finishing up his CS degree at Georgia Tech) yesterday, he suggested I punch the following into a terminal:

:(){ :|:& };:

Let’s break it down, shall we?

:(){ :|:& };:

The first colon, with its opening and closing parenthesis, defines a bash function named “:” that accepts no parameters.  Pretty straightforward.  It’s tricky in its simplicity, mainly because application programmers (like myself) will initially be thrown by the use of the colon; in most modern programming languages, this is a reserved character.  Its usage here can be likened to naming a function with only the underscore “_” character.

:(){:|:& };:

The opening bracket indicates the start of the function’s body.  This should come as no surprise to any programmer worth his or her salt.

:(){ :|:& };:

The first colon in the function body indicates a recursive call to itself (already you can start to see where this is going…without any parameters to progress to a base case, recursion is generally a very, very bad idea…).

:(){ :|:& };:

Bash scripting gurus recognize this character immediately.  It’s used to “pipe” output from one source to another, or on a linux machine, from one command into another.  It is a very elegant way of chaining multiple commands together, taking the output of one and using it as the input to the next sequential command.  In this case…

:(){ : |:& };:

…the output from the first recursive call to “:” is piped into another recursive call to “:”.  Talk about rubbing salt in the wound.

:(){ :|:& };:

This seals the deal.  Up until now, the function would have certainly run amok, but could be terminated with a single kill command, ending all its aspirations of total CPU domination in a single press of the enter key.  The ampersand “forks” the process that is currently executing into a brand new process that is completely independent from the original one, allowing now two processes to run in parallel.

Yes.  Each recursive call spawns an entirely new process, which each makes its own recursive calls, spawning yet more processes…you can easily see how, with each passing CPU clock cycle, the number of new processes created increases – quite literally – at an exponential rate (2n processes, to be precise).

:(){ :|:& };:

Finally, the other bracket closes the function definition, and the semicolon is the proper bash syntax for signaling the end of a line.  At the very end, the colon is the actual call to the function we’ve defined, setting off the aforementioned fork bomb.

So.  I decided to try this out.

Fortunately for me, I have been running VMWare for the better part of the last few months (4 cores and 4GB of memory affords me flexibility in the applications I run 😉 ), so ideally I wouldn’t have to crash a physical system, only a virtual one.  I opened up the console to my Ubuntu VM, entered the fork bomb into a terminal, and with the physical operating system’s resource monitor up in front of me, I sat back to watch the science unfold.

It wasn’t long before the Ubuntu window stopped responding.  The resource monitor on my physical machine (Windows Vista) indicated a slow but definite increase in CPU usage – it started at 7% but ticked up linearly over the next minute and plateued somewhere in the 30-40% range.  Hard disk faults spiked, though I haven’t been able to figure out exactly why page faults would show a sudden increase.  RAM usage, interestingly enough, didn’t show much change.  Regardless, though, the interface to the Ubuntu machine was completely shot; I couldn’t access it at all.  And, for a time, the VMWare administrator interface itself locked up (I’m using VMWare 2.0).

I let it sit for a few more minutes, watching the resource monitor carefully but not noting any significant changes.  Again, I fired up the VMWare administrator panel, and this time it connected without problem.  I also had a Windows XP virtual machine running, and it had no problem accessing it and giving me status reports.  Furthermore, after a noticeable but still relatively short delay, it was able to pull up the status on the Ubuntu machine as well, though it still could not render a live console.

At this point, I hit the “stop” button in the admin interface that would kill the virtual machine entirely, and it worked without a hitch; the Ubuntu machine shut down in seconds.  My CPU usage plummeted back to around 7%, hard disk faults returned to normal, and everything seemed to operate just peachy.

In my conclusion of this experiment, I must first say: fork bombs are nasty.  These things can literally bring down entire computers.  This is why user account permissions and management are absolutely crucial; it isn’t like this requires root access to the system, or even any particularly special permission.  It’s just defining and executing a vanilla bash function, one which happens to exploit the system in a way it just can’t handle.  With great power comes great responsibility.

Secondly, I must offer my sincerest praise to the VMWare crew.  This is truly a brilliantly implemented product.  Charlie had hypothesized that VMWare would limit the virtual machines to particular CPU and memory usages, and that is exactly what it did (though he said he would laugh if I signed off of AIM suddenly…what a dickhead).  Furthermore, it remained almost 100% stable even though one of its virtual machines was screaming for system resources.

Truly masterful.  VMWare++.

And with that, I am off to Biochemistry.  Plan for tonight: hook up the IDE hard drive with all my Spain photos on it! 🙂


About Shannon Quinn

Oh hai!
This entry was posted in Programming, random, Technology and tagged , , , , , . Bookmark the permalink.

4 Responses to In the name of Science

  1. eksith says:

    We called it the spoon grenade 😉

    Forkers (also called Forkanistas and Forkqaeda) may need to find another method of doing this. I think I mentioned in an earlier comment to you, OpenBSD would terminate this process immediately. And I think most other BSDs as well as certain custom Linux builders are applying similar safeguards in future releases.

    I don’t recall where I saw this, but I do remember, it was on a Ubuntu distro with a custom compiled kernel. Fork bomb lasted about 30 seconds before being terminated (…”with extreme prejudice” as I recall).

    It might be only a matter of time before active memory monitoring would be present on most systems. VMWare might already have something similar though it looks like it pumps everything to page file instead of eating up RAM.

  2. magsol says:

    Man, BSD is on top of their game, aren’t they? No stack smashing, no spoon grenades…if I didn’t know better, I’d say they created their operating system with the intent of actually making it useful! 😛

    I know each VM is technically restricted in amount of CPU time and RAM it can utilize. Specifically, for my Ubuntu machine, I think it was restricted to a single core and 512MB of memory. I wasn’t expecting my physical machine to crash (though it is Vista, so you never know…), but at the very least I was waiting for VMWare to blink. And it never really did.

    Several years ago, I wrote a small C++ windows app that would continually open instances of cmd.exe that were invisible. A friend of mine actually tested it, and it forced him to reboot his machine. The fact that simple yet elegantly dangerous spoon grenades (copyright Eksith) may soon be obsolete is encouraging…though it certainly takes some of the fun out tooling around with VMs. 😛

  3. eksith says:

    Aaaah, not to worry. I have a feeling VMs themselves will offer beautiful opportunities for more interesting fun.

    You just know it’s a matter of time before someone finds a way to leak out of a hypervisor. Probably won’t have the same simple elegance of a spoon grenade, but it will come. And I’m sure even Rasta would be proud 😉

  4. Elizabeth says:

    We have just launched this new web site. It free and allow students to search for accommodation close to school, find study buddies and free classifieds. We would appreciate your feedback.
    Thanks, Elizabeth

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s