A number of users have reported that running "rm --no-preserve-root -rf /" not only deletes all their files (as expected), but also permanently bricks their computers (which is not). Tracing the issue revealed that the ultimate cause was that SystemD mounted the EFI pseudo-fs as read-write even when this FS was not listed in fstab, and deleting certain files in this pseudo-fs causes certain buggy, but very common, firmware not to POST anymore. A user reported this bug on SystemD's GitHub issue tracker, asking that the FS be mounted read-only instead of read-write, and said bug was immediately closed as invalid. The comment thread for the bug was locked shortly after. Discuss.
Links:
https://github.com/systemd/systemd/issues/2402
http://thenextweb.com/insider/2016/02/01/running-a-single-delete-command-can-permanently-brick-laptops-from-inside-linux/
(Score: 2) by darkfeline on Tuesday February 09 2016, @11:44PM
I wonder how many people actually read the conversation.
I've heard that Poettering was an asshole, but his comments are reasonable and agreeable.
1) There are tools that expect efivarfs to be mounted writable.
2) Only root can write it.
3) Root already can fuck up your system. dd to vulnerable block devices, for example. The kernel may also expose virtual files that can brick hardware, depending on configuration.
4) You can fix this by adding an "ro" entry to fstab.
In fact, this really should be a bug in efivarfs, which should have implemented everything in terms of file writes and not letting file removal affect anything.
e.g., instead of allowing rm /foo/bar, efivarfs should instead do echo 1 > /foo/bar/remove.
Join the SDF Public Access UNIX System today!
(Score: 2) by darkfeline on Tuesday February 09 2016, @11:53PM
Also, "systemd SUCKS". Keep in mind that "UNIX SUCKS" too, after all, the root problem here is that rm does exactly what you tell it to do with no warnings, because that's the UNIX way. Feel free to replace it with a "trash" command that gives you more leeway than calling unlink(3) on every file on your system, or an operating system that always pops up a message "Are you SURE you want to do this? Triple sure? Pinky swear? Press Okay three times and do the macarena."
Join the SDF Public Access UNIX System today!