Linux 4.5-rc5: efivarfs fixed to avoid “rm -rf /” bricking UEFI

(git.kernel.org)

279 points the_why_of_y | 1 comments | 22 Feb 16 18:08 UTC | HN request time: 0.719s | source

Show context

useerup ◴[22 Feb 16 22:41 UTC] No.11154936[source]▶

This is a case of a leaky abstraction (https://en.wikipedia.org/wiki/Leaky_abstraction). The "everything is a file" philosophy is the real problem here.

Specifically, the way a mental model of a hierarchy is broken by mounting a higher-order ressource (UEFI variables) as a subordinate of a file system that is itself a subordinate of the OS.

UEFI vars are just hardware resources. Mapping them as a file system object is just unnatural and, yes, stupid.

Trying to use a permission model ("only root can do it") overlooks the real problem: The user do not expect higher order objects to be mapped as subordinates of the file system.

When you delete from the file system, you expect objects to be deleted from the disk - not UEFI variables to be altered or deleted! And because the user does not expect such behavior, there's a good chance she/he will override warnings and go ahead with the operation expecting only file system objects to be affected.

This is "everything is a file" taken a bridge too far.

replies(2): >>11155483 #>>11157292 #

mjhoy ◴[23 Feb 16 00:25 UTC] No.11155483[source]▶

>>11154936 #

Where does Linux promise that files are bits on a disk? As a user I certainly don't expect that. Perhaps you have a problem with the name "file" but the abstraction itself still seems useful. (And yet I do find it quite odd when I have to do something like `echo "TPAD" > /proc/acpi/wakeup` to disable wake-on-trackpad.) That said I don't disagree with you that UEFI variables should not be delete-able, but there are many files on Linux that you can't delete.

replies(2): >>11155964 #>>11156189 #

1. jerf ◴[23 Feb 16 02:11 UTC] No.11155964[source]▶

>>11155483 #

I agree that there's no promise it's a file. After all, fuse will let you mount anything as a filesystem. But I'm trying to think of another file I can "delete" and permanently hose my computer, but I'm coming up blank. Maybe some fuse filesystem somewhere can do it, but none of the ones I've used.

I mean, yeah, I've destroyed many a partition table in my day, and I've permanently lost myself some data, I've even dd'ed in the wrong direction with no recourse but to suck it up and deal with it, but I've never fried a computer with a rm command. (Contrary to what some commenters seems to be viciously defending, this does seem to be a legitimately different level of destructive possibility than has conventionally been available. This is the sort of thing that would put me off having ever installed Linux in the first place.)

↑