Re: Join the fight against malicious commands given to new users
Again, not trying to beat a dead horse here, but are you sure calling "sudo rm -rf" malicious is a good thing to instill in a new user to linux. sudo rm -rf is not malicious, but can be dangerous if you don't know what you are doing. Telling someone not to ever sudo rm -rf doesn't seem like the right approach... Its probably been too long since I've been a new user of an OS to understand the viewpoint, but knowing how many times I've used that command for very productive reasons makes me think its a bad choice in teaching.
so, if I were to post a productive script on the forums which made use of rm -rf, would I get banned???
I could tell someone how to edit their sudoers file so everything they run in sudo is executed without being prompted for a password, or how to sudo vi something, then shell out and get a root prompt. (a behaviour ubuntu is subject to out of the box.) All those things COULD be used maliciously, but they are NOT malicious.
Finally, from the example on the beginners page.. mkfs..
From MAN pages:
NAME
mkfs - build a Linux file system
mkfs, is a part of how you setup drives in Linux!! If I were to make a post detailing mkfs, and they still blew up one of their drives, would I get banned?? Was I being malicious because I tried to show someone how to use mkfs and they blindly used the command?? There are a lot of users that just cut and paste code under a thread name they are looking for. THAT is the behavior it seems we sould be working to curb. Even apt-get, the most commonly quoted command in the forums, could be scripted and used maliciously.
Teaching people what these commands mean, and what they can do rather than discouraging their use seems like a much more educational approach.
Any script I write, whether it be in C, Korn, Bash, perl, Windows shell or vbs, I put comments before each command or set of commands explaning what each component is doing. You will never see a script I wrote posted any other way.
I guess I'm just saying, there are better ways to prevent malicious intent than blacklisting common system commands. If you want to get Linux to catch on, making people afraid of CLI commands is not the way to do it.
Last edited by toupeiro; November 21st, 2007 at 07:52 PM.
"Its easy to come up with new ideas, the hard part is letting go of what worked for you two years ago, but will soon be out of date." -Roger von Oech
Bookmarks