If you're a Steam user — beware, even slight modifications of your system may result in the nuking of your home directory, and more!
Fortunately, as the entry point for the user is a shell script (bash, but that's another story), it's been quite easy to find the source of the problem, the lack of sanitising shell variables before passing them to potentially dangerous commands — in this case, “rm -rf "$STEAMROOT/"*'”. The commit that introduced the bug also seems to have contained a remarkably apt comment ``#Scary!'' (it's not clear that the repo being pointed to, and its commits, mirror exactly the same commits as Steam themselves would have added them.)
It seems that even on MS Windows, Steam gets a bit over-eager about deleting files it doesn't own.
As a software engineer, who's also been a package maintainer on huge projects with up to 70 engineers wanting to force patches into my tree, I've become hyper-attuned to the concept of asking "what could possibly go wrong" (and having a mindset like Bob the Bastard from the animated Dilbert series), and consequently for demanding small readable patches which do just one small thing that's trivial to review. Would the patch have passed review? How confident are you about the quality of the rest of the code if things like this can slip through?
(Score: 2) by Geotti on Friday January 16 2015, @04:00PM
The comment should have read something along the lines of "make sure $STEAMROOT is ALWAYS, (always, always, always, ...) set"
(Score: 2) by el_oscuro on Saturday January 17 2015, @01:36AM
#!/bin/bash
# Make sure it is defined
if [ "$STEAMROOT" == "" ]; then
echo $0: STEAMROOT not defined. Unable to cleanup steam 1>&2
exit 1
fi
# Not a directory
if [ ! -d "$STEAMROOT" ]; then
echo $0: STEAMROOT \"$STEAMROOT\" is not a directory. Unable to cleanup steam 1>&2
exit 1
fi
# Finally, we can run the cleanup. In the event STEAMROOT is pointed to a directory it shouldn't be,
# include a hard coded subdirectory to it
rm -rf $STEAMROOT/steam_files/*
SoylentNews is Bacon! [nueskes.com]
(Score: 2) by el_oscuro on Saturday January 17 2015, @01:40AM
Actually the delete should have just been (no *)
rm -rf $STEAMROOT/steam_files/
SoylentNews is Bacon! [nueskes.com]
(Score: 2) by hash14 on Saturday January 17 2015, @09:45PM
Even easier if you're using bash:
Causes any attempt to dereference an unset variable to exit the entire script immediately.
Bash, as a scripting language, is quite liberal and dangerous. It allows you to do crazy things (technically, any other language allows you to do stuff like this as well, but bash makes it painfully easy). A good practice in any bash script-writing is to peruse these options [tldp.org] and use them to make processing as strict as possible, just like any Perl programmer would start their scripts with
and perhaps some others. I have barely written more than 100 lines of perl in my life, maybe someone else knows more on this than I.
(Score: 2) by Geotti on Sunday January 18 2015, @06:11AM
I stand corrected. ;)