SoylentNews is people

posted by CoolHand on Tuesday February 09 2016, @02:27AM
from the why-oh-why dept.

A number of users have reported that running "rm --no-preserve-root -rf /" not only deletes all their files (as expected), but also permanently bricks their computers (which is not). Tracing the issue revealed that the ultimate cause was that SystemD mounted the EFI pseudo-fs as read-write even when this FS was not listed in fstab, and deleting certain files in this pseudo-fs causes certain buggy, but very common, firmware not to POST anymore. A user reported this bug on SystemD's GitHub issue tracker, asking that the FS be mounted read-only instead of read-write, and said bug was immediately closed as invalid. The comment thread for the bug was locked shortly after. Discuss.

Links:
https://github.com/systemd/systemd/issues/2402
http://thenextweb.com/insider/2016/02/01/running-a-single-delete-command-can-permanently-brick-laptops-from-inside-linux/


  • (Score: 2) by darkfeline on Tuesday February 09 2016, @11:44PM

    I wonder how many people actually read the conversation.

    I've heard that Poettering was an asshole, but his comments are reasonable and agreeable.

    1) There are tools that expect efivarfs to be mounted writable.
    2) Only root can write it.
    3) Root already can fuck up your system. dd to vulnerable block devices, for example. The kernel may also expose virtual files that can brick hardware, depending on configuration.
    4) You can fix this by adding an "ro" entry to fstab.

    In fact, this really should be a bug in efivarfs, which should have implemented everything in terms of file writes and not let file removal affect anything.

    e.g., instead of allowing rm /foo/bar, efivarfs should instead do echo 1 > /foo/bar/remove.

    --
    Join the SDF Public Access UNIX System today!
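The check below is an added example, not part of the comment above or of systemd: it reads mount tables in /proc/mounts or fstab format and reports whether efivarfs is writable right now and whether fstab carries the "ro" entry from point 4. The function names and the sample lines are constructed for illustration; /sys/firmware/efi/efivars is assumed as the mount point.

```shell
#!/bin/sh
# Added example: report how efivarfs is mounted and whether fstab pins it read-only.
# Both /proc/mounts and /etc/fstab use the same column layout:
#   device  mountpoint  fstype  options  dump  pass

# Print "rw", "ro" or "absent" for efivarfs entries in mounts-format text on stdin.
# If any efivarfs entry lacks the "ro" option, the answer is "rw".
efivarfs_mode() {
    awk '
        $1 ~ /^#/ { next }                 # skip fstab comment lines
        $3 == "efivarfs" {
            seen = 1
            n = split($4, opts, ",")
            ro = 0
            for (i = 1; i <= n; i++) if (opts[i] == "ro") ro = 1
            if (!ro) writable = 1
        }
        END {
            if (!seen) print "absent"
            else if (writable) print "rw"
            else print "ro"
        }'
}

# Constructed sample data (not captured from a real machine).
SAMPLE_MOUNTS='sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
efivarfs /sys/firmware/efi/efivars efivarfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda2 / ext4 rw,relatime 0 0'

SAMPLE_FSTAB='# constructed fstab carrying the "ro" entry
/dev/sda2 / ext4 defaults 0 1
efivarfs /sys/firmware/efi/efivars efivarfs ro,nosuid,nodev,noexec 0 0'

# Combine both views: what is mounted now, and what fstab requests at next boot.
audit() {   # $1 = mounts text, $2 = fstab text
    live=$(printf '%s\n' "$1" | efivarfs_mode)
    boot=$(printf '%s\n' "$2" | efivarfs_mode)
    echo "live=$live fstab=$boot"
}

audit "$SAMPLE_MOUNTS" "$SAMPLE_FSTAB"
```

On a real machine, `audit "$(cat /proc/mounts)" "$(cat /etc/fstab)"` runs the same check; `fstab=absent` means no entry overrides the default mount.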
  • (Score: 2) by darkfeline on Tuesday February 09 2016, @11:53PM

    Also, "systemd SUCKS". Keep in mind that "UNIX SUCKS" too; after all, the root problem here is that rm does exactly what you tell it to do with no warnings, because that's the UNIX way. Feel free to replace it with a "trash" command that gives you more leeway than calling unlink(3) on every file on your system, or an operating system that always pops up a message "Are you SURE you want to do this? Triple sure? Pinky swear? Press Okay three times and do the macarena."

    --
    Join the SDF Public Access UNIX System today!