Differences between revisions 10 and 16 (spanning 6 versions)
Revision 10 as of 2011-12-06 23:03:26
Size: 5048
Editor: ormaaj
Comment: obfuscated subshell bomb
Revision 16 as of 2013-02-21 15:30:24
Size: 4982
Comment:
Deletions are marked like this. Additions are marked like this.
Line 69: Line 69:
=== Abusing paste ===
{{{
   #prefix every line
   printf %s\\n foo bar | paste -d prefix_ /dev/null /dev/null /dev/null /dev/null /dev/null /dev/null /dev/null -
}}}
Line 75: Line 81:
command < <({<file;} 2>&-) # Opens an FD either to the file or one that does an EOF on read. { command < <(<file); } 2>&- # Opens an FD either to the file or one that does an EOF on read.
Line 78: Line 84:
=== Varying input === === Arithmetic variable recursion ===
Line 80: Line 86:
Pointlessly exploit the -t test to print two alternating strings by taking a different branch depending on how the number of remaining strings to print is passed into f. Also demonstrate use of FUNCNEST as a "safety catch" in bash 4.2 for playing with the below "risky" snippets as well as debugging possibly non-terminating recursive functions (slightly easier to use than limits). The Fibonacci series up to `LLONG_MAX` (on this amd64 Linux box) generated as a side-effect of Bash's recursive arithmetic variable lookup. The series is evaluated when `a[0]` is dereferenced as the last part of the substring expansion to `echo`, and Bash tries to figure out the integer value of `a[0]`, each time only to find another `a[0]` until `n++/94` == 1.
Line 83: Line 89:
herpderps(){
    f () if [[ -t 0 ]]; then printf 'herp '; (($1)) && f <<< $(($1-1)); else read -r x; printf 'derp '; ((x--)) && f $x <&1; fi
    ((FUNCNEST=$1+2))
    local -i x
    f $1
    printf 'durr\n'
}
a=('a[a[n]=a[n-1]+a[n-2],n++/94]' 2 0 1); echo "${a[@]:n=4,a}"
}}}
Line 91: Line 92:
herpderps 5 # prints "herp derp herp derp herp derp durr"
}}}
Bash searches to a depth of 1024. It's even portable to ksh93, which is limited to only 8 levels.
Line 118: Line 118:
A nicely camouflaged subshell bomb designed to be hard to parse by avoiding whitespace, obvious list delimiters (;), and characters other than parentheses, pipes, and brackets. It's slightly less deadly than the forkbomb but grows just as fast. Unfortunately requires some special options and works only in bash 4.2 or later due to the required lastpipe and unchecked illegal function names that are caught by Ksh. This is a nicely camouflaged subshell bomb designed to be hard to parse by avoiding whitespace, obvious list delimiters (;), and characters other than parentheses, pipes, and brackets. It's slightly less deadly than the forkbomb but grows just as fast. Unfortunately requires some special options and works only in bash 4.2 or later due to the required lastpipe and unchecked illegal function names that are caught by Ksh.
Line 128: Line 128:
Fun way to reverse-engineer this. The call chain prints a pretty pattern. Should be safe to run: === Fibonacci sequence example ===
Line 131: Line 131:
# optionally set -x and remove the trap.
$ shopt -s lastpipe; set -To pipefail; FUNCNEST=8; { trap 'echo "${FUNCNAME[*]}" >&3' RETURN; BASH_XTRACEFD=3; ((())|[()(]|[)||(())|]()([|])||]); } 2>/dev/null 3>&1
fibo() { local a=0; b="$1"; inc="$2"; while ((b < $inc)); do tmp=$((a+b)); a=$b; b="$tmp"; printf '%s ' "$tmp"; done; }; fibo 1 2048

Bash Toys

Introduction

For the sake of triviality and pointless uniquity, this page provides a collection of snippets that are syntactically correct but look unique, odd and often have no apparent useful purpose whatsoever.

This page exists purely for academic purposes. Do not use code like this in shell scripts.

Feel free to add your own.

Innocent

The snippets in this part, unlike the one under "Risky", are innocent, entertaining or just do nothing at all.

Pointless exercise in operators

The following burp of bash operators defines a function named _ which truncates a temporary pipe which contains the output of the no-op : command that yields no output; and then runs it. The result: Nothing whatsoever.

_(){ > >(:);};_

Pointless exercise in escaping

The following code changes the input string "< - >" into "<- ->".

\t\r \\\-\  \ \\\- <<< \<\ \-\ \>

Functions and Compound Commands

A function to do nothing at all, instantly killed off along with its parent sub-shell.

(:() (:))

Is it a keyword? a function? a variable?

#not useful at all...in bash
function for { echo $1 ;};for for in for;do \for $for;done

Obfuscated awk

# squeeze the newlines into one (like tr -s '\n'), assumes a bourne shell
printf "%s\n" foo  ''  '' bar | awk $$${$+ RS=}
#another version, requires bash, ksh or zsh
awk {newlines,RS}={12,}

Obfuscated sed

#remove all occurences of foo, with gnu sed
echo "foo bar foo" | sed  ':;;\;foo;s;;;;t;'

cut with join

#cut the first field a  string separated by : (like cut -d: -f1)
echo foo:moo | join -t :  -v1 -o 1.1  - /dev/null

Abusing paste

   #prefix every line 
   printf %s\\n foo bar | paste -d prefix_ /dev/null /dev/null /dev/null /dev/null /dev/null /dev/null /dev/null -

Silently open an "empty" FD when a file does not exist

Say you want to run a command that reads from a file, but you don't want your bash statement to error out when the file doesn't exist. Instead, you just want to run the command and should it try to read from standard input, send it an EOF immediately. Here's a way to do that really concisely:

command < file # Errors when file does not exist.
{ command < <(<file); } 2>&- # Opens an FD either to the file or one that does an EOF on read.

Arithmetic variable recursion

The Fibonacci series up to LLONG_MAX (on this amd64 Linux box) generated as a side-effect of Bash's recursive arithmetic variable lookup. The series is evaluated when a[0] is dereferenced as the last part of the substring expansion to echo, and Bash tries to figure out the integer value of a[0], each time only to find another a[0] until n++/94 == 1.

a=('a[a[n]=a[n-1]+a[n-2],n++/94]' 2 0 1); echo "${a[@]:n=4,a}"

Bash searches to a depth of 1024. It's even portable to ksh93, which is limited to only 8 levels.

Risky

Add snippets here that may be intrusive, dangerous or damaging when executed.

Do not run any of these snippets in your shell without fully understanding them, solely at your own risk!

And don't act like a 12 year old by passing these snippets to ignorant or unwitting people either.

Recursive exercise in operators

This creates a function named _ which truncates the temporary pipe that bash creates to contain the output of a new execution of the same function. The result is a recursively executing bash function. Since the recursion happens through an asynchronous process (which is how >(..) works), this one is slightly annoying to stop. Not quite as paralyzing as the Fork Bomb, though.

_(){ > >(_);};_

Fork Bomb

What this does is create a function named : which calls itself recursively. Twice. In the background. Since the function keeps calling itself over and over (forking new processes), forever, this quickly consumes a lot of system resources. This can be very destructive for a system where no resource limits are in effect.

:(){ :|:&};:

This is a nicely camouflaged subshell bomb designed to be hard to parse by avoiding whitespace, obvious list delimiters (;), and characters other than parentheses, pipes, and brackets. It's slightly less deadly than the forkbomb but grows just as fast. Unfortunately requires some special options and works only in bash 4.2 or later due to the required lastpipe and unchecked illegal function names that are caught by Ksh.

shopt -s lastpipe; set -o pipefail

((())|[()(]|[)||(())|]()([|])||])

# ((())|]()(]|])||]) # alternate

Fibonacci sequence example

fibo() { local a=0; b="$1"; inc="$2"; while ((b < $inc)); do tmp=$((a+b)); a=$b; b="$tmp"; printf '%s ' "$tmp"; done; }; fibo 1 2048

Toys (last edited 2015-06-01 16:42:52 by geirha)