←back to thread

Linux 4.5-rc5: efivarfs fixed to avoid “rm -rf /” bricking UEFI

(git.kernel.org)
279 points the_why_of_y | 1 comments | 22 Feb 16 18:08 UTC | HN request time: 0.208s | source
Show context
devit ◴[22 Feb 16 19:35 UTC] No.11153593[source]
It seems to me that the real issue is that "rm -rf" should by default not recurse into mounted filesystems, but should at most try to unmount them.

In addition to clearing EFI variables, the current behavior will also attempt to clear any mounted removable drives and any mounted network drives, which is usually even more harmful than messing with EFI.

Of course that would be a backwards incompatible change, although I don't think many scripts rely on this behavior.

replies(2): >>11153654 #>>11156040 #
Etzos ◴[22 Feb 16 19:43 UTC] No.11153654[source]
To be fair "rm -rf /" doesn't just work. You have to confirm that you really do want to delete everything. Destroying / in itself is pretty harmful. If you're planning to do that you should already know not to have anything you want to keep mounted.
replies(1): >>11153871 #
protomyth ◴[22 Feb 16 20:08 UTC] No.11153871[source]
For the few use cases where a system admin wants to "rm -rf /", there are hundreds of bad scripts that can screw up a system. I believe Solaris did the right thing and made it not work.

https://www.youtube.com/watch?v=l6XQUciI-Sc&t=81m

replies(1): >>11154309 #
Etzos ◴[22 Feb 16 21:09 UTC] No.11154309[source]
To be clear, the problem described in the video is not something that can happen. "rm -rf $1/$2" where $1 and $2 aren't defined (therefore making it "rm -rf /") will not run. If you really want to destroy your root directory you have to specify the --no-preserve-root flag. No more accidents from scripts that assume things poorly, but it will still do exactly what the user asks. 
replies(3): >>11154365 #>>11154900 #>>11155021 #
sillysaurus3 ◴[22 Feb 16 22:37 UTC] No.11154900[source]
https://github.com/valvesoftware/steam-for-linux/issues/3671...

rm -rf "$STEAMROOT/"*

When $STEAMROOT was empty, "steam apparently deleted everything owned by my user recursively from the root directory. Including my 3tb external drive I back everything up to that was mounted under /media."

replies(1): >>11155447 #
1. dTal ◴[23 Feb 16 00:17 UTC] No.11155447[source]
Wow that is an annoying example. Aside from not following the Golden Rule of shell variables (always consider the unset case), why on Earth didn't they just write rm -rf "$STEAMROOT" ? The trailing slash and asterisk do nothing. Cargo-cult scripting. Ick.