May 30, 2008

Careful with That Command, Eugene

Updated: May 30, 2008

Not long ago, there were several discussions on UbuntuForums regarding a malicious command which was deliberately posted in the forums in order to make users damage their system if they typed it in a terminal using root privileges. The command is 'sudo rm -rf /' and means 'use root privileges to recursively remove, without asking for permission, the root directory / and its entire contents. I never tried it, but I DON'T recommend you to do so. It basically wipes out your Ubuntu (or Debian) installation. I think a workaround will soon be found for this, if it hasn't been yet.

The community's response to this was fast and efficient: in only several days, a huge number of users changed or added to their signature a warning saying to never use this command or any similar ones. A sticky thread explaining the dangers of using such a command was also available.

What amazed me was the solidarity and good intention of community members, which quickly mobilised and practically spread the word on not to use the above or any similar commands. I was really impressed.

The problem which arrives is that new Linux users are tempted to take such commands or scripts from all over the Internet and paste it brainlessly into the terminal, so they quickly complete whatever task they initially wanted to do. This I guess, should be treated carefully and probably such warnings on malicious commands should be available and easy to jump into, in order to reduce the risks at minimum.


JD said...

I don't speak/read/write Italian, so here goes with English. I appreciate the solidarity of the Ubuntu community, but if someone tells you to run a command that you've never heard of before, you should prolly spend 2 seconds googling it instead of blindly running it. Oh, and the new rm in coreutils doesn't allow rm -rf / to work.

Dan Craciun said...

That's a good think to know. I wasn't sure, but I suspected a workaround will be found to this.

Heso said...

It's not much of a failsafe since there's also an option that disables it. Besides, the whole idea is flawed. The "failsafe" is very crude, mostly useless and it was pretty much a waste of time to implement it.

Like the previous commenter said, if you're gonna copy and past console commands blindly then you can get burned.

You don't need to delete everything to hose your system, you can just as well delete /etc (and that failsafe that was added to rm won't protect you against that).

Besides, rm -rf / is just one malicious command. There are plenty other commands you can use to destroy the installed system. Even cat or echo can be evil if you're doing it with admin priviledges.

So the point is "think before you imitate" and I think the Ubuntu community has taken a very nice approach in spreading the word about this.