Deadly Shell Commands Explained

I will explain some ‘fun’ shell commands. For some of them, you don’t have to be superuser to do a little damage. But you should not do that under any circumstances.

Any user who knows some basic UNIX commands knows about rm -rf /. On most OSes this command does not work as written because of a safety feature of the rm command.

     1. rm -rf --no-preserve-root /

If we run this command without the --no-preserve-root argument, we will get ‘rm of / is not allowed’, or something like that. This protection feature was adopted by most Unix-like OSes (it was introduced by Solaris). If we take a look at the rm manual, we will see that the option --preserve-root is the default.

Another fact about the rm command is that removing files from your filesystem only unlinks them from the disk. Deleted files are still on the disk, so you can recover them if you act immediately with tools like extundelete.

When this command is run, the rm program is loaded into RAM, so even after the binary /bin/rm is removed, it will continue to remove files.

Moreover, some errors can occur; one of them is “device or resource busy”, when it tries to remove files which are mount points of partitions.

Tested. I tested it on Ubuntu 12 and removed everything. It said the device is busy on ‘/’ (/dev/sda1 was mounted there). Anyway, ls, shutdown and reboot were some of the unavailable commands.

     2. :(){ :|: & };:

This is a type of fork bomb and you don’t have to be root to run it. This fancy command defines a function called “:” that calls itself and pipes its output into another call of itself. “&” means that it runs in the background.

You probably know what happens. This function will exhaust your system resources because it keeps doubling itself. A user who is not root has a limited number of processes, but the command can still make your system lag.

Tested. I have tested this command on a VM (1 CPU, 1G RAM). The load average was 432 almost instantly and I had to reboot it.

     3. mkfs /dev/sda1

Running this command formats the /dev/sda1 partition, and you lose the data. You have to be superuser to make file systems.

Also, on some OSes, you can’t make a file system if /dev/sda1 is mounted. You have to unmount it first. And if there are processes that are using the device, you will get a “device is busy” error.

Tested. Using only this command, I got “/dev/sda1 is mounted; will not make a filesystem here!”

     4. echo 726d202d7266202a | xxd -r -p

This is not a dangerous command; it is just funny. If we translate that code from hexadecimal to ASCII characters, we get:

  • 72 = r
  • 6D = m
  • 20 = Space
  • 2D = -
  • 66 = f
  • 2A = *

The second command takes the output of the first command and converts it, in reverse, from hexadecimal back to the original binary.

Tested. When you run this command, you will see only a funny output: rm -rf *

     5. chmod a-x /bin/chmod

This command changes the permissions of the chmod binary, so the chmod command can’t be executed anymore. When you try to chmod any file, you will get a permission denied error.

Tested. This ‘prank’ can be easily undone with a trick. Create a temporary file /bin/something by using cp to copy an existing binary (/bin/touch) into it.

Then cat the content of /bin/chmod into this file, remove chmod and rename ‘something’ to chmod.
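The trick works because writing into an existing file with > replaces its contents but keeps its permission bits. The script below is an added example, not part of the original post: it rehearses the same steps in a scratch directory instead of /bin, with ‘tool’ standing in for /bin/chmod and ‘donor’ for /bin/touch (both names are assumptions made for the demo).

```shell
#!/bin/sh
# Added example: rehearse the chmod recovery in a scratch directory, never in /bin.
# "tool" plays the role of /bin/chmod, "donor" of /bin/touch (constructed names).

mode_of() { ls -l "$1" | cut -c1-10; }        # mode string, e.g. -rwxr-xr-x

recover_demo() {
    sandbox=$(mktemp -d) || return 1
    cp "$(command -v chmod)" "$sandbox/tool"  || return 1
    cp "$(command -v touch)" "$sandbox/donor" || return 1
    cp "$sandbox/tool" "$sandbox/reference"   # pristine bytes for comparison

    chmod a-x "$sandbox/tool"                 # reproduce the broken state
    before=$(mode_of "$sandbox/tool")         # no execute bit left

    # Step 1: copy any executable; the new file gets its execute bits.
    cp "$sandbox/donor" "$sandbox/something"
    # Step 2: '>' truncates and rewrites the existing file, so the contents
    # become those of the broken tool while the mode bits stay as they were.
    cat "$sandbox/tool" > "$sandbox/something"
    # Step 3: swap the repaired copy into place.
    rm -f "$sandbox/tool"
    mv "$sandbox/something" "$sandbox/tool"
    after=$(mode_of "$sandbox/tool")

    status=0
    case $before in *x*) status=1 ;; esac             # must have started broken
    case $after in -??x*) ;; *) status=1 ;; esac      # owner execute bit is back
    cmp -s "$sandbox/tool" "$sandbox/reference" || status=1   # same bytes
    rm -rf "$sandbox"
    return "$status"
}

if recover_demo; then
    echo "recovered: same bytes, execute bit restored"
else
    echo "recovery failed"
fi
```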
