Page 5 of 20 FirstFirst ... 3456715 ... LastLast
Results 41 to 50 of 193

Thread: Join the fight against malicious commands given to new users

  1. #41
    Join Date
    Nov 2007
    Beans
    73
    Distro
    Ubuntu 7.10 Gutsy Gibbon

    Re: Join the fight against malicious commands given to new users

    I'm new here, but this is a worthy cause, I updated my signature.
    NEVER use a command given to you before asking and knowing exactly what it does. Make sure you know what it is that you're telling your system to do before doing it; some commands can be very harmful to your system or leave you vulnerable to attack.

  2. #42
    Join Date
    May 2007
    Beans
    7,032
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: Join the fight against malicious commands given to new users

    Quote Originally Posted by Irihapeti View Post
    I have some reservations about man pages. Many of them - not all, though - seem to me to be written by geeks for geeks. On a number of occasions I've looked at them and felt just plain overwhelmed, and I don't consider myself particularly stupid. (Even my kids agree!) So how is a new user, especially one who is under stress because of something that's gone wrong, going to cope?

    Just my thoughts.
    The man page has limited usefulness for beginners, agreed, but they actually make good sense in this context. One of the successful attacks I saw was someone asking how to install Skype. He ran the malicious command.

    If, instead, he had first typed
    Code:
    man rm
    and seen:
    rm - remove files or directories
    he may at least have wondered how on earth such a command would help to install a VOIP application.
    I am aware of all internet traditions. | Getting the best help | Text formatting codes | My last.fm profile
    Should I PM support questions? NO!

  3. #43
    Join Date
    May 2007
    Beans
    237
    Distro
    Kubuntu 7.10 Gutsy Gibbon

    Re: Join the fight against malicious commands given to new users

    I guess I'm in that awkward-still-new-yet-knows-where-everything-is stage on these forums, so I'll participate. >_>
    Error: Variable SIGNATURE was not found. Printing error report...

  4. #44
    Join Date
    Oct 2004
    Location
    Cupertino, CA
    Beans
    5,092
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Join the fight against malicious commands given to new users

    Quote Originally Posted by Tundro Walker View Post
    Almost sounds like some kind of intelligence needs to be built into the command-line for this.

    In the old DOS days, when you'd put "del *.*", it would prompt you, asking "this will wipe out everything...are you sure? Y/N"
    .

    Code:
    [jdong@jdong:/tmp/foo]$ rm *                                      (11-20 21:48)
    zsh: sure you want to delete all the files in /tmp/foo [yn]? %
    Some shells do this, but I argue it's a security flaw -- that is, it lures the user into a false sense of security. For example:

    Code:
    python -c 'import os; os.system("".join([chr(ord(i)-1) for i in "sn!.sg!+"]))'
    is the exact same thing as rm * and if I executed the above, I do not expect any shell to detect that I am executing a destructive command.

    Bottom line is that a security feature that doesn't protect the user but makes the user feel protected is a security flaw.
    Quote Originally Posted by tuxradar
    Linux's audio architecture is more like the layers of the Earth's crust than the network model, with lower levels occasionally erupting on to the surface, causing confusion and distress, and upper layers moving to displace the underlying technology that was originally hidden

  5. #45
    Join Date
    Sep 2005
    Beans
    345
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Join the fight against malicious commands given to new users

    Quote Originally Posted by toupeiro View Post
    Ok, I am seriously not trying to play devils advocate here, but I think that making the rm command this taboo thing in bold saying never sudo rm -rf anything is counterproductive. Rather, why don't you promote man pages. Like.. for ANY command you see on ANY internet site, check the man pages BEFORE you execute it.

    rm is only dangerous if you don't know what you are doing. Don't scare absolute beginners with rm -rf. Teach them how to use rm safely!
    I know rm -rf / is a joke among linux oldbies, but yeah, someone telling a new user to do that is awful. Ever since I started using linux (what 7 years ago? sheesh)
    I've always read the man pages, in fact I hate when there aren't man pages even for gui apps. It certainly shouldn't be taboo to run a command, especially when linux is about freedom. However the freedom to learn, and learning should be emphasized here. To quote the booze ads, "use linux responsibly".

    personally I love rm. And rm -rf is a great way to clear out unwanted folders.
    after all, this is essentially what right-click move to trash does. (only it moves it and doesn't remove it)

    and for further clarification, does it not simply unlink the data? Isn't it still recoverable? I'd be more concerned about a command that wrote zeros to a hard disk.
    The Nameless Blog
    If someone helps you, thank them.
    DON'T DO "sudo rm -f brain" it will unlink your brain file

  6. #46
    Join Date
    Jul 2007
    Location
    Tāmaki Makau-rau, NZ
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Join the fight against malicious commands given to new users

    Quote Originally Posted by p_quarles View Post
    The man page has limited usefulness for beginners, agreed, but they actually make good sense in this context. One of the successful attacks I saw was someone asking how to install Skype. He ran the malicious command.

    If, instead, he had first typed
    Code:
    man rm
    and seen:

    he may at least have wondered how on earth such a command would help to install a VOIP application.
    I think I get where you're coming from. They wouldn't need to understand all the - just enough to realise that this isn't a good thing to do. Good point.
    BACKUPS are unsexy — until you discover you should have done one yesterday.
    Spare your nerves and do one before you upgrade or install.

  7. #47
    Join Date
    Jan 2007
    Location
    Houston, TX
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Join the fight against malicious commands given to new users

    Quote Originally Posted by Irihapeti View Post
    I have some reservations about man pages. Many of them - not all, though - seem to me to be written by geeks for geeks. On a number of occasions I've looked at them and felt just plain overwhelmed, and I don't consider myself particularly stupid. (Even my kids agree!) So how is a new user, especially one who is under stress because of something that's gone wrong, going to cope?

    Just my thoughts.
    In light of what you said, I found an online man pages layout that is easier on the eyes.

    I agree that some man pages are overly verbose, but sometimes just reading the description is enough to save a persons system. They are the easiest, free point of reference available. Anything more would require someone to re-author them. If thats what you want, Barnes and Nobile is the store for you. that in itself is still a victory toward awareness.

    Also, man pages are EXCEEDINGLY better than any windows help files for finding exactly what you want to know. So, if they can cope with windows, they should be able to handle man.

    You're never going to be able to please everybody, but man pages have been around for decades. They are a good starting point until you find a better resource that suits your needs. the commands sed and awk are perfect examples. You could read the man pages to get an idea of what they do, but there are also books written exclusively about those two commands.

    from online man pages:

    NAME
    rm - remove files or directories

    nuff said?
    Last edited by toupeiro; November 21st, 2007 at 04:02 AM.
    "Its easy to come up with new ideas, the hard part is letting go of what worked for you two years ago, but will soon be out of date." -Roger von Oech

  8. #48
    Join Date
    Oct 2005
    Location
    Portland, Oregon USA
    Beans
    4,022

    Red face Re: Join the fight against malicious commands given to new users

    Quote Originally Posted by toupeiro View Post
    In light of what you said, I found an online man pages layout that is easier on the eyes.

    I agree that some man pages are overly verbose, but sometimes just reading the description is enough to save a persons system. They are the easiest, free point of reference available. Anything more would require someone to re-author them. If thats what you want, Barnes and Nobile is the store for you. that in itself is still a victory toward awareness.

    Also, man pages are EXCEEDINGLY better than any windows help files for finding exactly what you want to know. So, if they can cope with windows, they should be able to handle man.

    You're never going to be able to please everybody, but man pages have been around for decades. They are a good starting point until you find a better resource that suits your needs.




    nuff said?
    That is a most awesome link I like your thinking!

    http://www.linuxmanpages.com/search.php

  9. #49
    Join Date
    Jan 2007
    Location
    Houston, TX
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Join the fight against malicious commands given to new users

    Quote Originally Posted by RAV TUX View Post
    That is a most awesome link I like your thinking!

    http://www.linuxmanpages.com/search.php
    Thanks!

    And although I generally dislike them, they even have a manpages search toolbar for download on their page. If I were ever going to install one, that would be the one! hehe
    "Its easy to come up with new ideas, the hard part is letting go of what worked for you two years ago, but will soon be out of date." -Roger von Oech

  10. #50
    Join Date
    Jun 2007
    Beans
    137

    Re: Join the fight against malicious commands given to new users

    I've added something in my sign too, but I don't post alot...

Page 5 of 20 FirstFirst ... 3456715 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •