Results 1 to 10 of 10

Thread: Malicious commands announcement contains some inaccuracies

  1. #1
    Join Date
    Dec 2004
    Beans
    Hidden!
    Distro
    Hardy Heron (Ubuntu Development)

    Malicious commands announcement contains some inaccuracies

    I brought this up several months ago, but upon my return to the forums, I found that nothing had been changed, and so am bringing it up again.

    rm -r .* does exactly what one would naively expect it to do: it deletes everything in the directory recursively, except . and ... The exclusion of . and .. is explicitly outlined in the POSIX standard, and I've never seen any rm that follows '.' or '..'. Unfortunately, the Malicious Commands announcement describes the command as a deceptive one that will follow .. and delete everything above the working directory. In an announcement that is threatening immediate banning with no consideration for the circumstances, I would expect the examples given to be accurate enough to not create the potential for mistaken accusations.

    In general, it would be very nice if the announcement could be revised, now that the immediate situation from which it arose is far behind us. The way the examples are described could easily be mistakenly interpreted as saying, for example, that one should never run dd to a block device, when most of the cases when one actually needs to do so are probably going to be discussed in forums like these.

    I'm posting this here because I'm not sure where it should be posted, and the announcement doesn't allow replies.
    Last edited by cevans; October 28th, 2008 at 10:04 AM.

  2. #2
    Join Date
    Apr 2007
    Location
    NorCal
    Beans
    1,149
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Malicious commands announcement contains some inaccuracies

    It's safer to just do
    Code:
    rm -r ./*
    Then you don't have to find out the hard way
    Posting code? Use the [code] or [php] tags.
    I don't care, I'm still free. You can't take the sky from me.

  3. #3
    Join Date
    Apr 2006
    Location
    Seattle
    Beans
    2,893
    Distro
    Ubuntu Development Release

    Re: Malicious commands announcement contains some inaccuracies

    Quote Originally Posted by cevans View Post
    rm -r .* does exactly what one would naively expect it to do: it deletes everything in the directory recursively, except . and ... The exclusion of . and .. is explicitly outlined in the POSIX standard, and I've never seen any rm that follows '.' or '..'.
    Actually, if I remember right, there was a buggy version of coreutils in an older version of Ubuntu that did in fact do that. Anyone want to back me up on this?

    I'll leave this up to jdong, since he wrote it and probably has more reasoning behind it than I would care to know.
    Also @jdong or other staff: that announcement expires on Dec 21, think it should be renewed?

    As an aside, Intrepid has a modified rm that will try to safeguard against removing the root directory. But don't go trying it out.
    Last edited by jpeddicord; October 29th, 2008 at 03:47 AM.

  4. #4
    Join Date
    Apr 2007
    Location
    NorCal
    Beans
    1,149
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Malicious commands announcement contains some inaccuracies

    Quote Originally Posted by jacobmp92 View Post
    As an aside, Intrepid has a modified rm that will try to safeguard against removing the root directory. But don't go trying it out.
    /me actually considered it for a moment
    Posting code? Use the [code] or [php] tags.
    I don't care, I'm still free. You can't take the sky from me.

  5. #5
    Join Date
    Dec 2006
    Location
    Hogwarts, `UNKNOWN`
    Beans
    Hidden!
    Distro
    Ubuntu 8.10 Intrepid Ibex

    Re: Malicious commands announcement contains some inaccuracies

    Quote Originally Posted by jacobmp92 View Post
    But don't go trying it out.

  6. #6
    Join Date
    Aug 2005
    Location
    Huntsville, AL, USA
    Beans
    7,526
    Distro
    Ubuntu

    Re: Malicious commands announcement contains some inaccuracies

    Quote Originally Posted by EDavidBurg View Post
    /me actually considered it for a moment
    I might try actually since I want to install from scratch when Intrepid final comes out.

  7. #7
    -grubby is offline Iced Almond Soy Ubuntu, No Foam
    Join Date
    Aug 2007
    Beans
    Hidden!

    Re: Malicious commands announcement contains some inaccuracies

    Quote Originally Posted by jacobmp92 View Post
    As an aside, Intrepid has a modified rm that will try to safeguard against removing the root directory. But don't go trying it out.
    I already did, in Hardy. It went somewhat like this :

    Code:
    nathan@linda:~$ sudo [...]
    [sudo] password for nathan:
    rm: cannot remove root directory `/'
    nathan@linda:~$
    Last edited by jpeddicord; October 30th, 2008 at 03:46 AM.

  8. #8
    Join Date
    Apr 2007
    Location
    NorCal
    Beans
    1,149
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Malicious commands announcement contains some inaccuracies

    Quote Originally Posted by nathangrubb View Post
    I already did, in Hardy. It went somewhat like this :

    Code:
    nathan@linda:~$ sudo [...]
    [sudo] password for nathan:
    rm: cannot remove root directory `/'
    nathan@linda:~$
    Ptsh. But it's so fun...
    Last edited by jpeddicord; October 30th, 2008 at 03:45 AM.
    Posting code? Use the [code] or [php] tags.
    I don't care, I'm still free. You can't take the sky from me.

  9. #9
    Join Date
    Dec 2004
    Beans
    Hidden!
    Distro
    Hardy Heron (Ubuntu Development)

    Re: Malicious commands announcement contains some inaccuracies

    Quote Originally Posted by EDavidBurg View Post
    It's safer to just do
    Code:
    rm -r ./*
    That doesn't do the same thing, as it won't remove any files in the directory that start with '.'.

    Quote Originally Posted by jacobmp92 View Post
    Actually, if I remember right, there was a buggy version of coreutils in an older version of Ubuntu that did in fact do that. Anyone want to back me up on this?
    Strange, though that would certainly be a bug.

    As an aside, Intrepid has a modified rm that will try to safeguard against removing the root directory. [B]But don't go trying it out.[/B
    One can't mention something like that and not expect that everyone will immediately try it! That reminds me of long ago when I learned about the bash fork bomb, and proceeded to repeatedly crash my system with it while trying it out.

  10. #10
    Join Date
    Apr 2006
    Location
    Seattle
    Beans
    2,893
    Distro
    Ubuntu Development Release

    Re: Malicious commands announcement contains some inaccuracies

    Quote Originally Posted by cevans View Post
    One can't mention something like that and not expect that everyone will immediately try it! That reminds me of long ago when I learned about the bash fork bomb, and proceeded to repeatedly crash my system with it while trying it out.
    Hence why I didn't mention how to do it and the above two edits.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •