Malicious commands announcement contains some inaccuracies



cevans
October 28th, 2008, 10:01 AM
I brought this up several months ago, but upon my return to the forums, I found that nothing had been changed, and so am bringing it up again.

rm -r .* does exactly what one would naively expect it to do: it deletes everything in the directory recursively, except . and ... The exclusion of . and .. is explicitly outlined in the POSIX standard, and I've never seen any rm that follows '.' or '..'. Unfortunately, the Malicious Commands (http://ubuntuforums.org/announcement.php?f=307) announcement describes the command as a deceptive one that will follow .. and delete everything above the working directory. In an announcement that is threatening immediate banning with no consideration for the circumstances, I would expect the examples given to be accurate enough to not create the potential for mistaken accusations.

In general, it would be very nice if the announcement could be revised, now that the immediate situation from which it arose is far behind us. The way the examples are described could easily be mistakenly interpreted as saying, for example, that one should never run dd to a block device, when most of the cases when one actually needs to do so are probably going to be discussed in forums like these.

I'm posting this here because I'm not sure where it should be posted, and the announcement doesn't allow replies.

schauerlich
October 28th, 2008, 11:44 PM
It's safer to just do


rm -r ./*


Then you don't have to find out the hard way.

jpeddicord
October 29th, 2008, 03:40 AM
rm -r .* does exactly what one would naively expect it to do: it deletes everything in the directory recursively, except . and ... The exclusion of . and .. is explicitly outlined in the POSIX standard, and I've never seen any rm that follows '.' or '..'.

Actually, if I remember right, there was a buggy version of coreutils in an older version of Ubuntu that did in fact do that. Anyone want to back me up on this?

I'll leave this up to jdong, since he wrote it and probably has more reasoning behind it than I would care to know. :)
Also @jdong or other staff: that announcement expires on Dec 21, think it should be renewed?

As an aside, Intrepid has a modified rm that will try to safeguard against removing the root directory. But don't go trying it out.

schauerlich
October 29th, 2008, 05:23 AM
As an aside, Intrepid has a modified rm that will try to safeguard against removing the root directory. But don't go trying it out.

/me actually considered it for a moment

Canis familiaris
October 29th, 2008, 04:51 PM
But don't go trying it out.
:twisted:

cyberdork33
October 30th, 2008, 02:44 AM
/me actually considered it for a moment

I might try actually since I want to install from scratch when Intrepid final comes out.

-grubby
October 30th, 2008, 03:10 AM
As an aside, Intrepid has a modified rm that will try to safeguard against removing the root directory. But don't go trying it out.


I already did, in Hardy. It went somewhat like this:



nathan@linda:~$ sudo [...]
[sudo] password for nathan:
rm: cannot remove root directory `/'
nathan@linda:~$

schauerlich
October 30th, 2008, 03:13 AM
I already did, in Hardy. It went somewhat like this:



nathan@linda:~$ sudo [...]
[sudo] password for nathan:
rm: cannot remove root directory `/'
nathan@linda:~$


Ptsh. But it's so fun...

cevans
October 30th, 2008, 03:41 AM
It's safer to just do


rm -r ./*



That doesn't do the same thing, as it won't remove any files in the directory that start with '.'.


Actually, if I remember right, there was a buggy version of coreutils in an older version of Ubuntu that did in fact do that. Anyone want to back me up on this?

Strange, though that would certainly be a bug.


As an aside, Intrepid has a modified rm that will try to safeguard against removing the root directory. But don't go trying it out.

One can't mention something like that and not expect that everyone will immediately try it! That reminds me of long ago when I learned about the bash fork bomb, and proceeded to repeatedly crash my system with it while trying it out.

jpeddicord
October 30th, 2008, 03:46 AM
One can't mention something like that and not expect that everyone will immediately try it! That reminds me of long ago when I learned about the bash fork bomb, and proceeded to repeatedly crash my system with it while trying it out.

Hence why I didn't mention how to do it and the above two edits. :)
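
The glob behaviour argued over in this thread (rm -r .* versus rm -r ./*), as an added example that is not part of any post above: it lists what each pattern expands to inside a constructed scratch directory and what is left once "." and ".." are set aside. The function names, the file names and the third pattern set (* .[!.]* ..?*, a common idiom that goes beyond the two commands in the thread) are assumptions of this example.

```shell
#!/bin/sh
# Added example: shows which names each glob would hand to rm.
# It only lists names inside a constructed scratch directory.

# make_scratch: build the constructed sample tree and print its path.
make_scratch() {
    d=$(mktemp -d) || return 1
    mkdir "$d/work" "$d/work/sub" "$d/work/.config"
    : > "$d/work/visible.txt"
    : > "$d/work/.hidden"
    : > "$d/work/..odd"        # name that starts with two dots
    printf '%s\n' "$d"
}

# expand DIR PATTERNS: print, one per line, what the shell expands the
# space-separated PATTERNS to when the working directory is DIR.
expand() {
    (
        cd "$1" || exit 1
        for name in $2; do     # unquoted on purpose so the glob is expanded
            if [ -e "$name" ]; then printf '%s\n' "$name"; fi
        done
    )
}

# real_entries DIR PATTERNS: same list without "." and "..", the two
# operands rm refuses to act on, sorted bytewise for stable output.
real_entries() {
    expand "$1" "$2" | grep -vxE '\.\.?' | LC_ALL=C sort
}

demo() {
    d=$(make_scratch) || return 1
    for pats in './*' '.*' '* .[!.]* ..?*'; do
        printf '%-14s shell gives: %s\n' "$pats" "$(expand "$d/work" "$pats" | tr '\n' ' ')"
        printf '%-14s rm acts on:  %s\n' "" "$(real_entries "$d/work" "$pats" | tr '\n' ' ')"
    done
    rm -rf -- "$d"             # removes only the scratch directory
}
demo
```

Whether "." and ".." show up in the "shell gives" line for .* depends on the shell and its options; the "rm acts on" line is the same either way.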