Most active commenters
  • protomyth(5)
  • Etzos(4)

←back to thread

Linux 4.5-rc5: efivarfs fixed to avoid “rm -rf /” bricking UEFI

(git.kernel.org)
279 points the_why_of_y | 13 comments | 22 Feb 16 18:08 UTC | HN request time: 0s | source | bottom
Show context
devit ◴[22 Feb 16 19:35 UTC] No.11153593[source]
It seems to me that the real issue is that "rm -rf" should by default not recurse into mounted filesystems, but should at most try to unmount them.

In addition to clearing EFI variables, the current behavior will also attempt to clear any mounted removable drives and any mounted network drives, which is usually even more harmful than messing with EFI.

Of course that would be a backwards incompatible change, although I don't think many scripts rely on this behavior.

replies(2): >>11153654 #>>11156040 #
1. Etzos ◴[22 Feb 16 19:43 UTC] No.11153654[source]
To be fair "rm -rf /" doesn't just work. You have to confirm that you really do want to delete everything. Destroying / in itself is pretty harmful. If you're planning to do that you should already know not to have anything you want to keep mounted.
replies(1): >>11153871 #
2. protomyth ◴[22 Feb 16 20:08 UTC] No.11153871[source]
For the few use cases where a system admin wants to "rm -rf /", there are hundreds of bad scripts that can screw up a system. I believe Solaris did the right thing and made it not work.

https://www.youtube.com/watch?v=l6XQUciI-Sc&t=81m

replies(1): >>11154309 #
3. Etzos ◴[22 Feb 16 21:09 UTC] No.11154309[source]
To be clear, the problem described in the video is not something that can happen. "rm -rf $1/$2" where $1 and $2 aren't defined (therefore making it "rm -rf /") will not run. If you really want to destroy your root directory you have to specify the --no-preserve-root flag. No more accidents from scripts that assume things poorly, but it will still do exactly what the user asks. 
replies(3): >>11154365 #>>11154900 #>>11155021 #
4. protomyth ◴[22 Feb 16 21:17 UTC] No.11154365{3}[source]
Yet, I can still delete my home directory by accident (e.g. Steam patch). The idea that any rm can kill the directory I'm in is just bad. A flag on rm is the wrong solution. It should just fail.
replies(2): >>11154462 #>>11154476 #
5. ambrice ◴[22 Feb 16 21:33 UTC] No.11154462{4}[source]
So you're saying they should remove the -r option entirely from rm?
replies(1): >>11154499 #
6. Etzos ◴[22 Feb 16 21:36 UTC] No.11154476{4}[source]
I disagree with this almost completely. If I tell my computer to do something it should just do it (possibly after some complaining). You cannot delete the directory you are immediately in, so that at the very least is prevented. But as you move away from just root the usefulness of deleting nearby folders and files actually becomes useful. And putting those kinds of things is absolutely a reasonable solution. It keeps you (and scripts) from shooting yourself in the foot but lets you do things as long as you acknowledge what you are actually doing.
replies(1): >>11154531 #
7. protomyth ◴[22 Feb 16 21:41 UTC] No.11154499{5}[source]
No, I'm saying that delete the current directory I am in is bad (as in non-standard behavior) and should not be allowed.

Asking if I want -r removed has nothing to do with anything.

8. protomyth ◴[22 Feb 16 21:46 UTC] No.11154531{5}[source]
I said "The idea that any rm can kill the directory I'm in is just bad. A flag on rm is the wrong solution. It should just fail."

you say "You cannot delete the directory you are immediately in, so that at the very least is prevented."

I have no idea what the rest of your comment is in relation to what I said other than I'm pretty sure you can accidentally delete a directory your in given what Steam did.

Deleting you current directory is against the POSIX standard. It should not be allowed.

replies(1): >>11154627 #
9. Etzos ◴[22 Feb 16 22:01 UTC] No.11154627{6}[source]
What I was saying was that "rm -rf ." just won't work. You cannot delete the directory you are in directly ("." and ".." are not valid options).

If however you delete a directory that is higher up the directory tree (e.g. the parent directory), it will be deleted.

As far as I can tell this does not violate the POSIX standard[1], as that situation is left as undefined (since in theory the directory you are deleting will chain to the directory you are currently in which is open in the tty).

Edit: The rest of my previous comment was trying to say that the utility of being able to self destruct the current directory is arguable. Why should it be prevented (especially when it could just be hidden behind a flag to prevent accidental destruction)?

Edit2: D'oh. Forgot the reference:

[1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/rm...

replies(1): >>11154917 #
10. sillysaurus3 ◴[22 Feb 16 22:37 UTC] No.11154900{3}[source]
https://github.com/valvesoftware/steam-for-linux/issues/3671...

rm -rf "$STEAMROOT/"*

When $STEAMROOT was empty, "steam apparently deleted everything owned by my user recursively from the root directory. Including my 3tb external drive I back everything up to that was mounted under /media."

replies(1): >>11155447 #
11. protomyth ◴[22 Feb 16 22:40 UTC] No.11154917{7}[source]
"If the current working directory of the process is being removed, that should be an allowed error."

Ok, I read that wrong a long while back, but "allowed error" is really odd. I guess I still side on an error is an error and it should not be allowed.

12. the_why_of_y ◴[22 Feb 16 22:54 UTC] No.11155021{3}[source]
It could happen in the past. Actually Solaris 10 was the first to fix it:

http://web.archive.org/web/20061021192240/http://blogs.sun.c...

GNU coreutils changed the default to --preserve-root some years later, in version 6.2:

http://git.savannah.gnu.org/cgit/coreutils.git/tree/ChangeLo...

13. dTal ◴[23 Feb 16 00:17 UTC] No.11155447{4}[source]
Wow that is an annoying example. Aside from not following the Golden Rule of shell variables (always consider the unset case), why on Earth didn't they just write rm -rf "$STEAMROOT" ? The trailing slash and asterisk do nothing. Cargo-cult scripting. Ick.