If you're a Steam user — beware, even slight modifications of your system may result in the nuking of your home directory, and more!
Fortunately, as the entry point for the user is a shell script (bash, but that's another story), it's been quite easy to find the source of the problem, the lack of sanitising shell variables before passing them to potentially dangerous commands — in this case, “rm -rf "$STEAMROOT/"*'”. The commit that introduced the bug also seems to have contained a remarkably apt comment ``#Scary!'' (it's not clear that the repo being pointed to, and its commits, mirror exactly the same commits as Steam themselves would have added them.)
It seems that even on MS Windows, Steam gets a bit over-eager about deleting files it doesn't own.
As a software engineer, who's also been a package maintainer on huge projects with up to 70 engineers wanting to force patches into my tree, I've become hyper-attuned to the concept of asking "what could possibly go wrong" (and having a mindset like Bob the Bastard from the animated Dilbert series), and consequently for demanding small readable patches which do just one small thing that's trivial to review. Would the patch have passed review? How confident are you about the quality of the rest of the code if things like this can slip through?
(Score: 2) by aristarchus on Saturday January 17 2015, @04:11AM
Should've used Linux!
Hey! Those were exactly my thoughts as a Windows user! What are the odds? Amazing! But then, I have not been a Windows user since '95. Oh, and I don't even own a Television. Yes, I am the most interesting "that guy" in the universe! (wait! Windows can do recursive directory operations! Wow, this is one operating system that has really grown up.)