posted by LaminatorX on Friday January 16 2015, @01:55PM
from the no-shortcuts dept.

If you're a Steam user — beware, even slight modifications of your system may result in the nuking of your home directory, and more!

Fortunately, as the entry point for the user is a shell script (bash, but that's another story), it's been quite easy to find the source of the problem, the lack of sanitising shell variables before passing them to potentially dangerous commands — in this case, “rm -rf "$STEAMROOT/"*”. The commit that introduced the bug also seems to have contained a remarkably apt comment “#Scary!” (it's not clear that the repo being pointed to, and its commits, mirror exactly the same commits as Steam themselves would have added them).

It seems that even on MS Windows, Steam gets a bit over-eager about deleting files it doesn't own.

As a software engineer, who's also been a package maintainer on huge projects with up to 70 engineers wanting to force patches into my tree, I've become hyper-attuned to the concept of asking "what could possibly go wrong" (and having a mindset like Bob the Bastard from the animated Dilbert series), and consequently for demanding small readable patches which do just one small thing that's trivial to review. Would the patch have passed review? How confident are you about the quality of the rest of the code if things like this can slip through?
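The failure mode described in the story, next to a guarded form of the same delete, as an added example that is not part of the original post and is not Steam's code. The function names and the `.steam-install-marker` file name are hypothetical; the marker check mirrors the idea raised in the comments and is combined with path checks because a marker alone does not help if the path was already wrong when the marker was written.

```shell
#!/bin/sh
# Added example: guards around a recursive delete of "$STEAMROOT".
# purge_steamroot and .steam-install-marker are hypothetical names.

# Reports the pattern rm would receive from the unguarded form in the story.
# With STEAMROOT empty, "$STEAMROOT/"* becomes /* (every top-level directory).
unguarded_target() {
    STEAMROOT_ARG="$1"
    printf '%s\n' "$STEAMROOT_ARG/*"
}

# Guarded form: returns non-zero and deletes nothing unless every check passes.
purge_steamroot() {
    local root="${1-}" resolved
    [ -n "$root" ] || { echo "refusing: STEAMROOT is empty" >&2; return 2; }

    # Resolve symlinks and ".." so the checks apply to the real location.
    # CDPATH is cleared so cd cannot land somewhere unexpected.
    resolved="$(CDPATH= cd -- "$root" 2>/dev/null && pwd -P)" || {
        echo "refusing: '$root' is not a directory" >&2; return 3; }

    # Never operate on the filesystem root or the user's home directory.
    case "$resolved" in
        /|"${HOME%/}")
            echo "refusing: '$resolved' is / or \$HOME" >&2; return 4 ;;
    esac

    # Marker written at install time (assumed file name).
    [ -f "$resolved/.steam-install-marker" ] || {
        echo "refusing: no install marker in '$resolved'" >&2; return 5; }

    # ${resolved:?} makes the shell abort the command if the variable is
    # empty here, so the glob can never collapse to /*.
    rm -rf -- "${resolved:?}"/*
}

# Stand-alone demonstration: an empty variable is refused, nothing is deleted.
purge_steamroot "" || echo "blocked, exit code $?"
```

The checks are ordered so that the cheapest and most catastrophic case (an empty variable) is rejected first, and the delete only runs on a resolved, absolute path that has already been compared against `/` and `$HOME`.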

 
  • (Score: 0) by Anonymous Coward on Friday January 16 2015, @05:59PM

    by Anonymous Coward on Friday January 16 2015, @05:59PM (#135429)

    Digressing for a moment,
    I made a worse mistake than this once upon a time.....I made a batch file which was designed to be called with the right click menu recursively removing a selected directory and all its contents. The command in the batch was something like RD /S /Q [some-variable-for-target-path]

    I committed to an operation one day and then proceeded to focus on something else.....after about 20 seconds I noticed the command prompt window was continuing to work overtime and not stopping! I stopped the operation and went snooping at my filesystem.....The recursive delete operation was starting from C: drive root! .....my batch script had a flaw! .....I lost private documents, my music collection, my family photos, WINDOWS system folders were missing large chunks.....whatever was left in memory was keeping my desktop alive, but my next reboot was going to be the last one !!!!!!

    Regarding this badly scripted deletion routine on Linux,
    as a Windows user I find this mistake quite bizarre! I always thought that Linux scripting was much more robust and exacting than this!
    I am not a programmer by the way, but I do have an affinity for the art of it.

    This 'C' sourcecode will generate a unique timestamp like this example: 2015011704540053

    #include <stdio.h>
    #include <time.h>
     
    int
    main(int argc, char *argv[])
    {
      time_t t = time(NULL);
      struct tm *tm = localtime(&t);
      fprintf(
          stdout,
          "%04d%02d%02d%02d%02d%04d",
          tm->tm_year + 1900,
          tm->tm_mon + 1,
          tm->tm_mday,
          tm->tm_hour,
          tm->tm_min,
          tm->tm_sec
      );
     
      return 0;
    }

    At initial program setup, when the "STEAM" directory was first created, I would have also created a unique timestamp file at root of "STEAM" directory named dont-delete-2015011704540053.txt. This file name would also be registered and set into the configuration/uninstaller files for this program.

    When the time came for the program to run commands to recursively delete its "STEAM" directory, it would firstly look for the name of the timestamp file in its configuration; it would then perform the deletion routine using an "if exist [path-to-timestamp-file] else" condition.

    The "else" part of this condition would pause execution and pop up a message box with useful information and manual troubleshooting steps for the user before proceeding further.

    As I said previously, I'm not even a programmer but I highly value robust conditional and interactive logic in user-space. I suppose the mistake I made deleting the contents of C: drive taught me a BIG LESSON which I will never forget.

  • (Score: 2) by urza9814 on Friday January 16 2015, @08:16PM

    by urza9814 (3954) on Friday January 16 2015, @08:16PM (#135504) Journal

    > At initial program setup, when the "STEAM" directory was first created, I would have also created a unique timestamp file at root of "STEAM" directory named dont-delete-2015011704540053.txt. This file name would also be registered and set into the configuration/uninstaller files for this program.

    If I understand what happened here, that wouldn't have helped at all. The problem is the steam directory was never set. So on install, it's not set, it writes that file to root. Then on uninstall, it checks root, finds that file, and happily proceeds to nuke your entire system. Might work if the directory was properly set during install and then unset somewhere since then though.

    > as a Windows user I find this mistake quite bizarre! I always thought that Linux scripting was much more robust and exacting than this!

    It is, in the same way that C is more robust and exacting than a Windows batch script. But software does whatever the programmer tells it, and if he tells it to nuke your drive, you're screwed. There isn't a single programming language in the world that will protect against programmer errors. Saying you shouldn't use Bash because of this is like saying you shouldn't use SQL because of injection attacks.

    A lot of *nix server processes boot as root and then drop down into their own unprivileged user account. Might be nice for Steam to consider something similar, that way to uninstall you can just delete that user account and be done with it...

    • (Score: 0) by Anonymous Coward on Friday January 16 2015, @11:38PM

      by Anonymous Coward on Friday January 16 2015, @11:38PM (#135553)

      [I am the parent poster]

      > ...If I understand what happened here, that wouldn't have helped at all [...] Then on uninstall, it checks root, finds that file, and happily proceeds to nuke your entire system. Might work if the directory was properly set during install and then unset somewhere since then though.

      I don't see a technical problem with what I previously described; the conclusions in your answer would only exist if the programmer in question is the type I would describe as an "I DON'T GIVE A FUCK" PIECE OF WORTHLESS SHIT. I really do not expect to see this type of programmer working for STEAM.

      So using your case, let's say the text file dont-delete-2015011704540053.txt was written to root at installation.
      When the time came to uninstall/delete the parent folder of the text file, the script logic would be something like this pseudo batch code:

      @ECHO OFF
      SETLOCAL
      REM "blah" values are placeholders; the uninstaller would read the real ones from its configuration.
      SET "path-of-text-file=blah"
      SET "parent-directory-of-text-file=blah"
      SET "directory-path-of-text-file=blah"
      SET "root=blah"
      IF EXIST "%path-of-text-file%" (
        REM Marker file found: still refuse unless its folder is named STEAM and is not the root.
        IF "%parent-directory-of-text-file%" NEQ "STEAM" GOTO STOP_EXECUTION_AND_POP_UP_MESSAGE
        IF "%directory-path-of-text-file%" EQU "%root%" GOTO STOP_EXECUTION_AND_POP_UP_MESSAGE
        RD /S /Q "%directory-path-of-text-file%"
        GOTO :EOF
      ) ELSE (
        GOTO STOP_EXECUTION_AND_POP_UP_MESSAGE
      )
      :STOP_EXECUTION_AND_POP_UP_MESSAGE
      ECHO The "STEAM" directory cannot be deleted. The directory path is resolving to this location:
      ECHO %parent-directory-of-text-file%
      ECHO This is wrong, the deletion script may have a bug !!!!!
      ECHO.
      ECHO The directory we are looking for is named "STEAM" and it contains a text file named "dont-delete-2015011704540053.txt".
      ECHO Please navigate to the "STEAM" directory and delete it manually.
      ECHO ...
      PAUSE

      As I said before, using "if else" conditional logic a normal programmer will not have a problem deleting the directory safely, and if the deletion fails then the user gets a verbose troubleshooting popup message. This programmer who wrote this deletion script looks to have less brains than me AND I AM NOT EVEN A PROGRAMMER!!

      • (Score: 0) by Anonymous Coward on Saturday January 17 2015, @08:55AM

        by Anonymous Coward on Saturday January 17 2015, @08:55AM (#135619)

        Jesus fuck. Fuck off

        • (Score: 0) by Anonymous Coward on Saturday January 17 2015, @03:30PM

          by Anonymous Coward on Saturday January 17 2015, @03:30PM (#135668)

          you fucking cunt!...You clicked reply just to say that terse shit !!
          I put effort into that post !! I stopped my day to compose all those words !!
          I would squeeze your neck E X T R A F U C K I N G H A R D if you stood in front of me COCKBREATH !!!

  • (Score: 0) by Anonymous Coward on Friday January 16 2015, @11:06PM

    by Anonymous Coward on Friday January 16 2015, @11:06PM (#135549)

    Should've used Linux!

    • (Score: 2) by aristarchus on Saturday January 17 2015, @04:11AM

      by aristarchus (2645) on Saturday January 17 2015, @04:11AM (#135592) Journal

      > Should've used Linux!

      Hey! Those were exactly my thoughts as a Windows user! What are the odds? Amazing! But then, I have not been a Windows user since '95. Oh, and I don't even own a Television. Yes, I am the most interesting "that guy" in the universe! (wait! Windows can do recursive directory operations! Wow, this is one operating system that has really grown up.)

  • (Score: 2) by FatPhil on Saturday January 17 2015, @01:51PM

    by FatPhil (863) <reversethis-{if.fdsa} {ta} {tnelyos-cp}> on Saturday January 17 2015, @01:51PM (#135655) Homepage
    > I always thought that Linux scripting was much more robust

    The word you're looking for is powerful. And thus more dangerous if you're careless. There's a fitness function in Unix which quite happily kills off those who aren't strong enough to survive.
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves