7

After recently reading the article "8 Deadly Commands You Should Never Run on Linux", I've planned on somehow blocking/preventing/changing certain commands. I'm not worried that someone else will run destructive commands on my PC. I'm worried that I may be the culprit behind the accident.

I am worried about the commands listed below.

wget http://example.com/something -O – | sh –
  • I've run this line when I was copying & pasting commands from a guide. Had I noticed sh -, I'd have only run that after checking out the archive contents.

rm -rf /
  • I accidentally hit the 'Enter' key a lot...

I want to prevent making these mistakes in the future. Is there a command/configuration file that can ensure I don't commit these mistakes? I do not want to be able to run the commands above even with sudo/root permissions. It it okay if the solution can be reversed.

Resources that will help me learn more about Ubuntu (excluding common Ubuntu Wiki/Help/etc. links) would be greatly appreciated!

Data loss isn't my main concern. I want to make the terminal a little safer for myself ('newb-proofed' if you will). This would be helpful to me as I've got lot's to learn. I've started school again, & I can't be spending too much of my time resolving problems/error (as interesting as it is).

Edit:

Is it possible to require specific commands to ask for confirmation? If I wanted to set specific commands to require a special password, can it be done?

wjandrea
  • 14,504
David your friend
  • 733

1 Answers1

16

As I've said in the comments, knowing what you type is the best security.

Here's an example , that has been used in a related question

`base64 --decode <<< "cHJpbnRmICclcycgICdIZWxsbyBXb3JsZCcK"`

( and for completeness, you can use -d flag instead of --decode. Someone who tried editing my answer said -d is invalid, however it's very much valid, specified in the manual)

Do you know what this does ? It's a disguised printf '%s' 'Hello World'. Harmless , right? What if this was rm -rf / ? Blacklisting won't save you when something is disguised. Can you see this command put on a legitimate forum by a malicious user ? Because that does happen. And it doesn't have to be exactly that command - if you are new user and have no idea what you're doing, a malicious user could tell you remove python or some other key package, and that would fix whatever issue that has brought you to their blog or forum.

But sure, you could blacklist something via global function (because functions take precedence over commands or aliases) in /etc/bash.bashrc like this:

function rm{

if [ "$1" = "-rf" ] && [ "$2" = "/" ]
then
    echo "This command is bad juju"
else
    rm "$@"
fi


}

This is just an example. And very redundant one - rm -rf / on Ubuntu by default requires confirmation.

This is also not bulletproof. What if I as attacker use a different shell ? Your bashrc magic won't have power in dash shell , which comes with Ubuntu also by default

Also, are you going to write function to blacklist each and every single malicious command ?

Additional note: copying what appears to be "harmless" command can also be dangerous. See How can I protect myself from this kind of clipboard abuse? and Stephane Chazelas' answer on the subject.

Sergiy Kolodyazhnyy
  • 107,582