Join the fight against malicious commands given to new users

[EXCiD3]

Something seems wrong to me. If someone can delete there entire home directory with one single command ... seems like something should be done to address this -- possibly enable safe-checking by default in some config file that could be deactivated if you wanted to bypass it in the future.

Not to be a jerk, but I'm getting kind of tired seeing the whole don't type rm -rf if you don't know what you are doing. It tends to lose its significance when its plastered all over the place.

I have to agree. Cant they include something that would ask "Are you sure?" I know its very Vista like...but thats what happens when you get more and more users. If they only singled out those commands then i wouldn't mind it. You don't usually need those commands often and it would be nothing like UAC in vista -> "Are you sure you want to run Blue Screen of Death.exe?"

[LaRoza]

Something seems wrong to me. If someone can delete there entire home directory with one single command ... seems like something should be done to address this -- possibly enable safe-checking by default in some config file that could be deactivated if you wanted to bypass it in the future.

Not to be a jerk, but I'm getting kind of tired seeing the whole don't type rm -rf if you don't know what you are doing. It tends to lose its significance when its plastered all over the place.

The point is to make the warnings widespread, if you notice it, others will.

As for the home directory, it is yours, you can do anything you want to it. For Ubuntu, running a command as a user will not destroy the system only the users files. Running as root is a different story.

Windows can be destroyed with one command easily,

Code:

format C:

or

Code:

del c:\*

I do not think posting these commands here is dangerous, because users familiar with the Windows command line know what these do, and if not, they don't use the command line.

[LaRoza]

I have to agree. Cant they include something that would ask "Are you sure?" I know its very Vista like...but thats what happens when you get more and more users. If they only singled out those commands then i wouldn't mind it. You don't usually need those commands often and it would be nothing like UAC in vista -> "Are you sure you want to run Blue Screen of Death.exe?"

You can use the -i switch to prompt before erasing.

These commands are using in shell scripts. Shell scripting was designed as a scripting language, not an application.

[Iandefor]

Regarding the coreutils change, wasn't that just a change to the default behavior? The latest manpage from GNU shows that they've just switched around the default behavior. The option to not respect the root directory is still there and anybody intent on using rm maliciously could simply start instructing people to use (otherwise harmless command + no respecting root option).

[argie]

Couldn't we have the default Ubuntu user's .bashrc file have rm aliased to rm -i? Anyone who doesn't like that could change it, and it makes things a little safer (admittedly it doesn't solve the problem)

[Colro]

Couldn't we have the default Ubuntu user's .bashrc file have rm aliased to rm -i? Anyone who doesn't like that could change it, and it makes things a little safer (admittedly it doesn't solve the problem)

That's a bit much...I realize the user base Ubuntu is trying to market itself to, but can't we leave it to the stickies to warn new users of such things? I realize that such a thing would be easily reversible, but if you add one feature like that you'll add two, three, four, and a month later you'll have an operating system like Vista. I use Ubuntu for its extremely large repositories and regular updates, but if you try and impose that kind of operating system on any seasoned user...well, I'll just say that I won't be using Vista over XP (for school/work purposes) until a hack is publicly released to disable the constant naggings targeted at 'sixpack joe'.

[jingo811]

Does this sig give the right message or do you interpret something else from it?

Code:

:twisted:  [*URL="http://ubuntuforums.org/showthread.php?t=618822"]( [*COLOR="Red"]rm -rf[/COLOR] ) = ( [*COLOR="Red"]format C:[/COLOR] ) [/URL]  :cry:

[argie]

That's a bit much...I realize the user base Ubuntu is trying to market itself to, but can't we leave it to the stickies to warn new users of such things? I realize that such a thing would be easily reversible, but if you add one feature like that you'll add two, three, four, and a month later you'll have an operating system like Vista. I use Ubuntu for its extremely large repositories and regular updates, but if you try and impose that kind of operating system on any seasoned user...well, I'll just say that I won't be using Vista over XP (for school/work purposes) until a hack is publicly released to disable the constant naggings targeted at 'sixpack joe'.

I see where you're coming from and I don't use the -i flag myself (my carelessness has cost me before, deleting through nautilus, but I'm ever so careful with the command line). But perhaps some sort of beginner mode which enables all these funny things which could be turned on and off.

[Tristam Green]

I'll support this cause. It's just as bad as "hey, press F10 to get free guns" in Counter-Strike >.>

[saphil]

Something seems wrong to me. If someone can delete there entire home directory with one single command ... seems like something should be done to address this -- possibly enable safe-checking by default in some config file that could be deactivated if you wanted to bypass it in the future.

There is a safeguard for this. It is to not use rm -fR on any directory, until you understand the ramifications of using the command, and don't use sudo unless you are absolutely sure you understand the ramifications. It is your gun. It is really your responsibility to learn enough about it not to shoot yourself in the foot. The main time an average user (I am not referring to the inquisitive clever people here) needs sudo is to update software. One great assistance is the help option

Code:

rm --help

or

Code:

rm -h

Almost every command has a short help page, that can get you started in understanding the command. Some commands also have a manual page. You can get to the manual page by typing

Code:

man rm

in the terminal window (to get out of the manual, hit the [q] button).

You cannot get into trouble if you always choose education as your defense against bad advise. You may have to ask 2 or 3 people and triangulate a useful path from a mixture of all they say.

Most installations work pretty well, just out of the box and do not need to be "helped." How many million users of Ubuntu are there, and how many thousand users are there on this forum?? When you are looking at a support forum, it makes you feel like the darned thing NEVER EVER works. I used to do warranty repairs, and for quite a while, I felt that HP, Compaq, Dell and EMachines, oh and Sony, too, were all crap and then I realized I was spending all my time with the tiny percentage that needed warranty repairs. Then I felt better about all those companies. The problem with this statistical approach is this: though maybe 1 in 10,000 users have problems, if you are a user with a problem, you feel like you have 100% of the problem. You might have been working with it for 5 hours, are frustrated and annoyed (not emotions that improve problem-solving ability) and ready to toss the whole thing, and when somebody who sounds like they know more than you says to do something, you might just do it without a thought. Personally, I have not always needed bad advise to do risky things, but it certainly makes things easier - takes me off the hook for having done whatever I did.

The thing is, you cannot defend against yourself, even when given bad advise by mean-spirited trolls. The people who might use the commands without understanding them need time to learn. Maybe the sig line ought to read "What some people don't want you to know about Linux" and link that to the article about malicious advice, which could then point to a short tutorial. There are almost always 1 or 2 options that are commonly used and 10 others that are occasionally used, so there is always something more to learn about almost all commands, but I agree with you that people will desensitize, after a while from the "Don't run commands" sig lines.

They don't know what they don't know, and they don't know that there are things that they don't know that can help (or hurt) them.