The Google Cloud Shell is a very nice feature of Google services, but it has no process limit and the root account is accessible. Just use sudo and you may access the root account and then wreak havoc upon the system. Having a Linux shell account online is very useful to practise the Linux shell, but this needs work.
root@cloudshell:/$ rm -rf /usr
root@cloudshell:/$ rm -rf /var
rm: cannot remove '/var/lib/docker': Device or resource busy
rm: cannot remove '/var/config/tmux/deleted_tabs': Read-only file system
rm: cannot remove '/var/config/tmux/active_tabs': Read-only file system
rm: cannot remove '/var/config/shared-secret/shared-secret': Read-only file system
root@cloudshell:/$ ls -hula
total 13M
drwxr-xr-x   1      0     0 4.0K Aug 30 21:38 .
drwxr-xr-x   1      0     0 4.0K Aug 30 21:38 ..
-rwxr-xr-x   1      0     0    0 Aug 30 21:31 .dockerenv
drwxr-xr-x   1      0     0 4.0K Aug 24 21:35 bin
drwxr-xr-x  10      0     0 1.4K Aug 30 21:31 dev
drwxr-xr-x   1      0     0 4.0K Aug 30 21:36 etc
drwxr-xr-x   1      0     0 4.0K Aug 30 21:32 google
drwxr-xr-x   2      0     0 4.0K Mar 25  2015 home
drwxr-xr-x   1      0     0 4.0K Aug 30 21:31 lib
drwxr-xr-x   2      0     0 4.0K Aug 24 21:17 lib32
drwxr-xr-x   2      0     0 4.0K Aug 24 21:15 lib64
drwxr-xr-x  14      0     0 4.0K Aug 24 21:18 libgit2
drwxr-xr-x   2      0     0 4.0K Aug 24 21:15 media
drwxr-xr-x   2      0     0 4.0K Aug 24 21:15 mnt
-rw-r--r--   1      0     0  35K Apr 12 09:25 mysql-apt-config_0.8.17-1_all.deb
drwxr-xr-x   1      0     0 4.0K Aug 30 21:32 opt
-rw-r--r--   1      0     0 3.1K Jul 18  2019 packages-microsoft-prod.deb
dr-xr-xr-x 196      0     0    0 Aug 30 21:31 proc
drwxrwxrwx   3      0     0 4.0K Aug 30 21:35 root
drwxr-xr-x   1      0     0 4.0K Aug 30 21:32 run
drwxr-xr-x   1      0     0 4.0K Aug 24 21:18 sbin
drwxr-xr-x   2      0     0 4.0K Aug 24 21:15 srv
dr-xr-xr-x  12      0     0    0 Aug 30 21:31 sys
-rw-r-----   1 150328 89939   39 Oct 15  2020 tinkey.bat
-r-xr-x---   1 150328 89939  13M Oct 15  2020 tinkey_deploy.jar
drwxrwxrwt   1      0     0 4.0K Aug 30 21:35 tmp
drwxr-xr-x   1      0     0 4.0K Aug 30 21:38 var
root@cloudshell:/$ rm -rf /lib
Adding resource limits would be very useful.
The ulimit command is used to set resource limits on a Linux system; it is a shell builtin, so the limit applies to the current shell and the processes started from it. The command below sets a limit of 8000 processes for the user.
ulimit -u 8000
If this was used on the Cloud Shell system, it would make the system better: you would not be able to use fork bombs to lock the system up. But the Google engineers are amateur at best; resource limits are not complicated and this should be elementary. Maybe not allow sudo su - access? That is not even necessary, is it?
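A ulimit typed into a shell lasts only for that session; on Debian-style systems the persistent per-user limit is set through pam_limits in /etc/security/limits.conf. The script below is an added example, not part of the original post and not Google's configuration: it audits the nproc limit that such a file would give a user, including the case where a wildcard entry does not cover root. The sample entries, the user builder and the 8000 ceiling used for the verdict are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the nproc (process count) limit that pam_limits would
# apply to a user, from text in /etc/security/limits.conf syntax.

# Constructed sample; these entries are NOT taken from Cloud Shell.
SAMPLE_LIMITS='# <domain>  <type>  <item>  <value>
*          soft  nproc   4096
*          hard  nproc   8000
@students  hard  nproc   2000
builder    hard  nproc   20000
johnsmith  -     nofile  1024'

# nproc_from_conf USER soft|hard  (limits.conf text on stdin)
# Prints the value that applies to USER, or "unset". An entry naming the user
# beats the "*" wildcard; "@group" entries are skipped because group
# membership is not resolved here.
nproc_from_conf() {
    awk -v user="$1" -v want="$2" '
        $1 ~ /^#/ || NF < 4           { next }  # comments, blank or short lines
        $3 != "nproc"                 { next }
        $2 != want && $2 != "-"       { next }  # "-" sets soft and hard together
        $1 == user                    { exact = $4 }
        $1 == "*"                     { wild = $4 }
        END {
            # limits.conf(5): wildcard and group limits are not applied to root.
            if (exact != "")                       print exact
            else if (wild != "" && user != "root") print wild
            else                                   print "unset"
        }'
}

# nproc_verdict VALUE MAX: classify a limit against the ceiling we accept.
nproc_verdict() {
    case "$1" in
        ''|*[!0-9]*) echo "unbounded" ;;   # unset, unlimited, infinity, -1
        *) if [ "$1" -le "$2" ]; then echo "ok"; else echo "too-high"; fi ;;
    esac
}

for u in johnsmith builder root; do
    v=$(printf '%s\n' "$SAMPLE_LIMITS" | nproc_from_conf "$u" hard)
    echo "$u: hard nproc=$v -> $(nproc_verdict "$v" 8000)"
done
# The limit in force for this shell (bash spelling; other shells may differ).
live=$(ulimit -Hu 2>/dev/null || echo unknown)
echo "this shell: hard nproc=$live -> $(nproc_verdict "$live" 8000)"
```

To audit a real host, feed the function the actual file, for example `nproc_from_conf johnsmith hard < /etc/security/limits.conf`; entries under /etc/security/limits.d/ need the same check.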
But you can install software using apt.
johnsmith@cloudshell:~$ sudo apt install prboom
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package prboom is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
However the following packages replace it:
  prboom-plus
E: Package 'prboom' has no installation candidate
johnsmith@cloudshell:~$ sudo apt install prboom-plus
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  fluidr3mono-gm-soundfont freedoom libdumb1 libfluidsynth1 libglu1-mesa
  libjack-jackd2-0 libmad0 libmodplug1 libmpg123-0 libopus0 libopusfile0
  libportmidi0 libsamplerate0 libsdl2-2.0-0 libsdl2-image-2.0-0
  libsdl2-mixer-2.0-0 libsdl2-net-2.0-0 libsndio7.0 libvorbisfile3 libxss1
Suggested packages:
  jackd2 opus-tools sndiod mkvtoolnix vorbis-tools x264
The following NEW packages will be installed:
  fluidr3mono-gm-soundfont freedoom libdumb1 libfluidsynth1 libglu1-mesa
  libjack-jackd2-0 libmad0 libmodplug1 libmpg123-0 libopus0 libopusfile0
  libportmidi0 libsamplerate0 libsdl2-2.0-0 libsdl2-image-2.0-0
  libsdl2-mixer-2.0-0 libsdl2-net-2.0-0 libsndio7.0 libvorbisfile3 libxss1
  prboom-plus
0 upgraded, 21 newly installed, 0 to remove and 6 not upgraded.
Need to get 35.5 MB of archives.
After this operation, 85.8 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
That is pretty nice I guess. And you can run sudo apt update && sudo apt upgrade to upgrade software. After vandalism, the system is restored, so you can have fun deleting stuff and it will be fine when you load it up again. This is a fun sandbox.
Have a go yourself if you have a Google Account: https://shell.cloud.google.com/?show=ide%2Cterminal
It is a lot of fun. It uses an Intel(R) Xeon(R) CPU @ 2.20GHz running on a KVM virtual machine.
root@cloudshell:/home/johnsmith$ lscpu
Architecture:        x86_64
CPU op-mode(s):      32-bit, 64-bit
Byte Order:          Little Endian
Address sizes:       46 bits physical, 48 bits virtual
CPU(s):              2
On-line CPU(s) list: 0,1
Thread(s) per core:  2
Core(s) per socket:  1
Socket(s):           1
NUMA node(s):        1
Vendor ID:           GenuineIntel
CPU family:          6
Model:               79
Model name:          Intel(R) Xeon(R) CPU @ 2.20GHz
Stepping:            0
CPU MHz:             2199.998
BogoMIPS:            4399.99
Hypervisor vendor:   KVM
Virtualization type: full
L1d cache:           32K
L1i cache:           32K
L2 cache:            256K
L3 cache:            56320K
NUMA node0 CPU(s):   0,1
Flags:               fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single pti ssbd ibrs ibpb stibp fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt arat md_clear arch_capabilities
This is the output of the lsblk command, showing the filesystem(s) supplied to each user.
NAME      MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda         8:0    0   65G  0 disk
├─sda1      8:1    0 60.9G  0 part /run/google/devshell
├─sda2      8:2    0   16M  0 part
├─sda3      8:3    0    2G  0 part
│ └─vroot 253:0    0    2G  1 dm   /lib/modules
├─sda4      8:4    0   16M  0 part
├─sda5      8:5    0    2G  0 part
├─sda6      8:6    0  512B  0 part
├─sda7      8:7    0  512B  0 part
├─sda8      8:8    0   16M  0 part
├─sda9      8:9    0  512B  0 part
├─sda10     8:10   0  512B  0 part
├─sda11     8:11   0    8M  0 part
└─sda12     8:12   0   32M  0 part
sdb         8:16   0    5G  0 disk
└─sdb1      8:17   0    5G  0 part /home
zram0     252:0    0  768M  0 disk [SWAP]