Page 16 of 20 FirstFirst ... 61415161718 ... LastLast
Results 151 to 160 of 193

Thread: Join the fight against malicious commands given to new users

  1. #151
    Join Date
    May 2007
    Location
    /earth/US/Illinois
    Beans
    1,705
    Distro
    Ubuntu

    Re: Join the fight against malicious commands given to new users

    Quote Originally Posted by kevdog View Post
    Something seems wrong to me. If someone can delete there entire home directory with one single command ... seems like something should be done to address this -- possibly enable safe-checking by default in some config file that could be deactivated if you wanted to bypass it in the future.

    Not to be a jerk, but I'm getting kind of tired seeing the whole don't type rm -rf if you don't know what you are doing. It tends to lose its significance when its plastered all over the place.
    I have to agree. Cant they include something that would ask "Are you sure?" I know its very Vista like...but thats what happens when you get more and more users. If they only singled out those commands then i wouldn't mind it. You don't usually need those commands often and it would be nothing like UAC in vista -> "Are you sure you want to run Blue Screen of Death.exe?"
    Dialup or no internet on your Ubuntu box? Have no fear, Keryx is here! Keryx Project
    My blog

  2. #152
    Join Date
    Apr 2007
    Beans
    14,781

    Re: Join the fight against malicious commands given to new users

    Quote Originally Posted by kevdog View Post
    Something seems wrong to me. If someone can delete there entire home directory with one single command ... seems like something should be done to address this -- possibly enable safe-checking by default in some config file that could be deactivated if you wanted to bypass it in the future.

    Not to be a jerk, but I'm getting kind of tired seeing the whole don't type rm -rf if you don't know what you are doing. It tends to lose its significance when its plastered all over the place.
    The point is to make the warnings widespread, if you notice it, others will.

    As for the home directory, it is yours, you can do anything you want to it. For Ubuntu, running a command as a user will not destroy the system only the users files. Running as root is a different story.

    Windows can be destroyed with one command easily,
    Code:
    format C:
    or
    Code:
    del c:\*
    I do not think posting these commands here is dangerous, because users familiar with the Windows command line know what these do, and if not, they don't use the command line.

  3. #153
    Join Date
    Apr 2007
    Beans
    14,781

    Re: Join the fight against malicious commands given to new users

    Quote Originally Posted by EXCiD3 View Post
    I have to agree. Cant they include something that would ask "Are you sure?" I know its very Vista like...but thats what happens when you get more and more users. If they only singled out those commands then i wouldn't mind it. You don't usually need those commands often and it would be nothing like UAC in vista -> "Are you sure you want to run Blue Screen of Death.exe?"
    You can use the -i switch to prompt before erasing.

    These commands are using in shell scripts. Shell scripting was designed as a scripting language, not an application.

  4. #154
    Join Date
    Sep 2005
    Location
    New York
    Beans
    Hidden!

    Re: Join the fight against malicious commands given to new users

    Regarding the coreutils change, wasn't that just a change to the default behavior? The latest manpage from GNU shows that they've just switched around the default behavior. The option to not respect the root directory is still there and anybody intent on using rm maliciously could simply start instructing people to use (otherwise harmless command + no respecting root option).
    Last edited by Iandefor; November 25th, 2007 at 07:58 AM.
    This space intentionally left blank.

  5. #155
    Join Date
    May 2006
    Location
    Madras, India.
    Beans
    533
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: Join the fight against malicious commands given to new users

    Couldn't we have the default Ubuntu user's .bashrc file have rm aliased to rm -i? Anyone who doesn't like that could change it, and it makes things a little safer (admittedly it doesn't solve the problem)
    May the FOSS be with you!

  6. #156
    Join Date
    May 2007
    Beans
    147

    Re: Join the fight against malicious commands given to new users

    Quote Originally Posted by argie View Post
    Couldn't we have the default Ubuntu user's .bashrc file have rm aliased to rm -i? Anyone who doesn't like that could change it, and it makes things a little safer (admittedly it doesn't solve the problem)
    That's a bit much...I realize the user base Ubuntu is trying to market itself to, but can't we leave it to the stickies to warn new users of such things? I realize that such a thing would be easily reversible, but if you add one feature like that you'll add two, three, four, and a month later you'll have an operating system like Vista. I use Ubuntu for its extremely large repositories and regular updates, but if you try and impose that kind of operating system on any seasoned user...well, I'll just say that I won't be using Vista over XP (for school/work purposes) until a hack is publicly released to disable the constant naggings targeted at 'sixpack joe'.

  7. #157
    Join Date
    Aug 2005
    Location
    Sweden
    Beans
    1,177

    Re: Join the fight against malicious commands given to new users

    Does this sig give the right message or do you interpret something else from it?
    Code:
    :twisted:  [*URL="http://ubuntuforums.org/showthread.php?t=618822"]( [*COLOR="Red"]rm -rf[/COLOR] ) = ( [*COLOR="Red"]format C:[/COLOR] ) [/URL]  :cry:
    Last edited by jingo811; November 25th, 2007 at 12:14 PM.

  8. #158
    Join Date
    May 2006
    Location
    Madras, India.
    Beans
    533
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: Join the fight against malicious commands given to new users

    Quote Originally Posted by Colro View Post
    That's a bit much...I realize the user base Ubuntu is trying to market itself to, but can't we leave it to the stickies to warn new users of such things? I realize that such a thing would be easily reversible, but if you add one feature like that you'll add two, three, four, and a month later you'll have an operating system like Vista. I use Ubuntu for its extremely large repositories and regular updates, but if you try and impose that kind of operating system on any seasoned user...well, I'll just say that I won't be using Vista over XP (for school/work purposes) until a hack is publicly released to disable the constant naggings targeted at 'sixpack joe'.
    I see where you're coming from and I don't use the -i flag myself (my carelessness has cost me before, deleting through nautilus, but I'm ever so careful with the command line). But perhaps some sort of beginner mode which enables all these funny things which could be turned on and off.
    May the FOSS be with you!

  9. #159
    Join Date
    Oct 2007
    Beans
    182

    Re: Join the fight against malicious commands given to new users

    I'll support this cause. It's just as bad as "hey, press F10 to get free guns" in Counter-Strike >.>
    The views expressed in this post belong to Tristam Green and do not represent the views of any other entity, foreign or domestic, as long as you both shall live, Amen.
    OMG! Cheesecake! | Fuduntu - catch the fever!

  10. #160
    Join Date
    Nov 2005
    Location
    Atlanta GA
    Beans
    295
    Distro
    Ubuntu Studio 13.10 Saucy Salamander

    Re: Join the fight against malicious commands given to new users

    Quote Originally Posted by kevdog View Post
    Something seems wrong to me. If someone can delete there entire home directory with one single command ... seems like something should be done to address this -- possibly enable safe-checking by default in some config file that could be deactivated if you wanted to bypass it in the future.
    There is a safeguard for this. It is to not use rm -fR on any directory, until you understand the ramifications of using the command, and don't use sudo unless you are absolutely sure you understand the ramifications. It is your gun. It is really your responsibility to learn enough about it not to shoot yourself in the foot. The main time an average user (I am not referring to the inquisitive clever people here) needs sudo is to update software. One great assistance is the help option
    Code:
    rm --help
    or
    Code:
    rm -h
    Almost every command has a short help page, that can get you started in understanding the command. Some commands also have a manual page. You can get to the manual page by typing
    Code:
    man rm
    in the terminal window (to get out of the manual, hit the [q] button).

    You cannot get into trouble if you always choose education as your defense against bad advise. You may have to ask 2 or 3 people and triangulate a useful path from a mixture of all they say.

    Most installations work pretty well, just out of the box and do not need to be "helped." How many million users of Ubuntu are there, and how many thousand users are there on this forum?? When you are looking at a support forum, it makes you feel like the darned thing NEVER EVER works. I used to do warranty repairs, and for quite a while, I felt that HP, Compaq, Dell and EMachines, oh and Sony, too, were all crap and then I realized I was spending all my time with the tiny percentage that needed warranty repairs. Then I felt better about all those companies. The problem with this statistical approach is this: though maybe 1 in 10,000 users have problems, if you are a user with a problem, you feel like you have 100% of the problem. You might have been working with it for 5 hours, are frustrated and annoyed (not emotions that improve problem-solving ability) and ready to toss the whole thing, and when somebody who sounds like they know more than you says to do something, you might just do it without a thought. Personally, I have not always needed bad advise to do risky things, but it certainly makes things easier - takes me off the hook for having done whatever I did.

    The thing is, you cannot defend against yourself, even when given bad advise by mean-spirited trolls. The people who might use the commands without understanding them need time to learn. Maybe the sig line ought to read "What some people don't want you to know about Linux" and link that to the article about malicious advice, which could then point to a short tutorial. There are almost always 1 or 2 options that are commonly used and 10 others that are occasionally used, so there is always something more to learn about almost all commands, but I agree with you that people will desensitize, after a while from the "Don't run commands" sig lines.

    They don't know what they don't know, and they don't know that there are things that they don't know that can help (or hurt) them.
    Last edited by saphil; November 25th, 2007 at 03:39 PM.
    Wolf Halton - Senior PCI Compliance/Vulnerability Engineer @ Atlanta Cloud Technology
    Today is Yesterday's Tomorrow!
    'This Apt Has Super Cow Powers! -"Have you mooed today?"'

Page 16 of 20 FirstFirst ... 61415161718 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •