Linux-käyttäjän painajainen: kone pyyhittiin tyhjäksi yhdellä klikkauksella
www.mikrobitti.fi
KDE Plasman käyttäjän teemanasennus päättyi painajaismaiseen tilanteeseen.
  • Troy@lemmy.ca
    2·
    11 months ago

    That reminds me…

    In circa 1995 I was running a dial upBBS service – as a teenager. So if course, it was full of bootlegged video games and such, and people would dial in, download a game, log off.

    Someone uploaded Descent or something like that. But they had put "deltree /y C:" or similar into a batch file, used a BAT2COM converter program, then a COM2EXE program, then padded the file size to approximately the right size with random crap (probably just using APPEND)… And uploaded it. Well, fortunately for the rest of my users, I say the game and said: oh, that’s neat, I should try it and copied it to another computer over my internal network and launched it. It started deleting files right away and I hit CTRL-C to abort. I lost only a few dozen files.

    Banned the user, deleted the package. Got lucky.

  • MyNameIsRichard@lemmy.ml
    1·
    11 months ago

    A theme is software and software has bugs. While this one had a pretty dramatic effect, you take basically the same risk with every program you run. This, along with hardware and user errors are why backups are so important; they change a disaster to an inconvenience.

    / Preach mode off

  • MangoPenguin@lemmy.blahaj.zoneEnglish
    1·
    11 months ago

    That’s what good backups are for.

    I image all my PCs daily with Veeam, bootable media is on my Ventoy USB stick, and restoring is easy as you just boot up the restore media and it pulls the latest backup over the network.

  • deadbeef79000@lemmy.nz
    1·
    11 months ago

    rm -rf ${var}/ is a disaster waiting to happen.

    Always do rm -rf "${var:?}/" so that the script aborts if the variable is empty. Or better yet rm -rf "./${var:?}/".

    Edited to add quotes. Always quote a path: it might have spaces in it, without quotes that will become multiple paths! Which would also have avoided the particular bug in question.

    • Samueru@lemmy.world
      1·
      11 months ago

      In this case the issue was that a change between kde5 and kde6 let to the variable being defined as somepath / (notice the space).

    • mumblerfish@lemmy.world
      0·
      11 months ago

      Is there not also a way to disallow empty variables in the script, I think it is set -u? Then you don’t have to keep thinking “should I add a :? here because if empty it may lead to disaster” all the time. Might be even safer.

  • BCsven@lemmy.ca
    0·
    11 months ago

    The theme contained rm -rf, but claims it wasn’t malicious intent…I assume rm -rf for cleanup, but seems like it should have a apecific path other than /

    • carzian@lemmy.ml
      0·
      11 months ago

      The command was rm -rf $pathvariable

      Bug in the code caused the path to be root. Wasn’t explicitly malicious

      • Dandroid@sh.itjust.works
        0·
        11 months ago

        Don’t most distros have safeguards against this? I tried sudo rm -rf / in an Ubuntu VM that I was about to delete just to see what happened, and it gave me a warning. I had to add some other option to bypass the warning.