A number of users have reported that running "rm --no-preserve-root -rf /" not only deletes all their files (as expected), but also permanently bricks their computers (which is not). Tracing the issue revealed that the ultimate cause was that SystemD mounted the EFI pseudo-fs as read-write even when this FS was not listed in fstab, and deleting certain files in this pseudo-fs causes certain buggy, but very common, firmware not to POST anymore. A user reported this bug on SystemD's GitHub issue tracker, asking that the FS be mounted read-only instead of read-write, and said bug was immediately closed as invalid. The comment thread for the bug was locked shortly after. Discuss.
Links:
https://github.com/systemd/systemd/issues/2402
http://thenextweb.com/insider/2016/02/01/running-a-single-delete-command-can-permanently-brick-laptops-from-inside-linux/
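A way to check the condition the summary describes, as an added example that is not part of the original post or of systemd's code: it reads a mounts table in `/proc/mounts` format and reports whether any `efivarfs` mount is read-write. The function names and the sample table are constructed for illustration; the sample also contains a vfat EFI System Partition to show that it is a different filesystem from the EFI variable pseudo-fs.

```shell
#!/bin/sh
# Added example: report whether the EFI variable pseudo-fs is mounted read-write.

# efivarfs_state [FILE] -> prints "<mountpoint> rw|ro" for each efivarfs mount.
# /proc/mounts fields: device mountpoint fstype options dump pass
efivarfs_state() {
    awk '$3 == "efivarfs" {
        n = split($4, opts, ",")
        state = "unknown"
        for (i = 1; i <= n; i++) {
            if (opts[i] == "rw") state = "rw"
            if (opts[i] == "ro") state = "ro"
        }
        print $2, state
    }' "${1:-/proc/mounts}"
}

# efivarfs_writable [FILE] -> exit status 0 if any efivarfs mount is read-write.
efivarfs_writable() {
    efivarfs_state "$1" | grep -q ' rw$'
}

# Constructed sample mounts table (not captured from a real machine).
sample_mounts() {
    cat <<'EOF'
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
efivarfs /sys/firmware/efi/efivars efivarfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 /boot/efi vfat rw,relatime,fmask=0077 0 0
EOF
}

# On a live system: show the current state and the read-only remount
# the bug report asked for.
if [ -r /proc/mounts ]; then
    efivarfs_state /proc/mounts
    if efivarfs_writable /proc/mounts; then
        echo "efivarfs is read-write; to restrict it until next boot:"
        echo "  mount -o remount,ro /sys/firmware/efi/efivars"
    fi
fi
```

With the filesystem read-only, tools that write EFI variables, such as `efibootmgr`, will fail until it is remounted read-write.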
(Score: 5, Touché) by maxwell demon on Tuesday February 09 2016, @07:01AM
And why does it mount the EFI file system read/write, when not requested to by the user?
The Tao of math: The numbers you can count are not the real numbers.
(Score: 4, Insightful) by TheReaperD on Tuesday February 09 2016, @08:56AM
It seems to be trying to do something similar to how PRAM works on Macs. A reserved space in the firmware that software can write data to. I personally think that it is a really horrible idea, but there seems to be a lot of demand from some software vendors to be able to write data to hardware. Though I can see valid uses for it, such as storing your software serial numbers for reinstall (such as Windows 8/10), I see far more opportunities for abuse.
Ad eundum quo nemo ante iit
(Score: 2) by maxwell demon on Tuesday February 09 2016, @10:47AM
Well, as long as I, as user, can decide whether I want to enable it, I'm OK with such support. But if it is enabled unconditionally, for providing functionality I'm not even planning to use, that's not OK.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 0) by Anonymous Coward on Wednesday February 10 2016, @09:52PM
> there seems to be a lot of demand from some software vendors to be able to write data to hardware
and systemd bends over, while $rookie_programmer_writing_code_in_his_spare_time would have had more security concerns. I am not surprised at systemd devs, overenthusiasm and wanting to change the world is understandable. But, fuck, what about RedHat? They write the drivers for linux FFS
(Score: 1, Insightful) by Anonymous Coward on Tuesday February 09 2016, @02:24PM
> And why does it mount the EFI file system read/write, when not requested to by the user?
Why does it mount /dev read-write when not requested to by the user?
You can nit-pick anything to death if you are motivated. None of this would be an issue if the firmware wasn't buggy in the first place.
(Score: 2) by fido_dogstoyevsky on Tuesday February 09 2016, @09:50PM
> None of this would be an issue if the firmware wasn't buggy in the first place.
And if systemd wasn't sloppy enough to let that sort of bug through.
It's NOT a conspiracy... it's a plot.
(Score: 2) by HiThere on Wednesday February 10 2016, @04:32AM
Sorry, but there's *LOTS* of buggy hardware out there. When software is designed to run on that hardware it is *expected* to compensate for those bugs.
Yes, it's a hardware bug. It's **ALSO** a software bug.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 2, Interesting) by Arik on Tuesday February 09 2016, @06:25PM
Because it's Poettering-ware and that's his philosophy. The 'user' is not intended to be a system administrator, the 'user' is conceived of as completely innocent of all computer skills and the system will be designed to ensure that s/he stays that way. It's nearly inconceivable for him to permit any increase in user control, in any area, because the entire thrust of his development is to disempower the user in every way possible.
Also, I haven't confirmed this so it may just be a rumor, but there was talk about using the R/W EFI disk to enable a remote-control reboot to windows on a dual-boot machine. Maybe that's considered a killer app over in systemD land?
If laughter is the best medicine, who are the best doctors?
(Score: 0) by Anonymous Coward on Tuesday February 09 2016, @06:34PM
The last comment to the bug report, by Mr. Poettering, explains why writes are enabled:
(Score: 3, Insightful) by maxwell demon on Tuesday February 09 2016, @06:41PM
And when I don't want to issue that command, then there's no point in having it writeable.
The Tao of math: The numbers you can count are not the real numbers.