SoylentNews is people
SoylentNews
If you're a Steam user — beware, even slight modifications of your system may result in the nuking of your home directory, and more!
Fortunately, as the entry point for the user is a shell script (bash, but that's another story), it's been quite easy to find the source of the problem, the lack of sanitising shell variables before passing them to potentially dangerous commands — in this case, “rm -rf "$STEAMROOT/"*'”. The commit that introduced the bug also seems to have contained a remarkably apt comment ``#Scary!'' (it's not clear that the repo being pointed to, and its commits, mirror exactly the same commits as Steam themselves would have added them.)
It seems that even on MS Windows, Steam gets a bit over-eager about deleting files it doesn't own.
As a software engineer, who's also been a package maintainer on huge projects with up to 70 engineers wanting to force patches into my tree, I've become hyper-attuned to the concept of asking "what could possibly go wrong" (and having a mindset like Bob the Bastard from the animated Dilbert series), and consequently for demanding small readable patches which do just one small thing that's trivial to review. Would the patch have passed review? How confident are you about the quality of the rest of the code if things like this can slip through?
(Score: 2) by urza9814 on Friday January 16 2015, @08:16PM
If I understand what happened here, that wouldn't have helped at all. The problem is the steam directory was never set. So on install, it's not set, it writes that file to root. Then on uninstall, it checks root, finds that file, and happily proceeds to nuke your entire system. Might work if the directory was properly set during install and then unset somewhere since then though.
In is, in the same way that C is more robust and exacting than a Windows batch script. But software does whatever the programmer tells it, and if he tells it to nuke your drive, you're screwed. There isn't a single programming language in the world that will protect against programmer errors. Saying you shouldn't use Bash because of this is like saying you shouldn't use SQL because of injection attacks.
A lot of *nix server processed boot as root and then drop down into their own unprivileged user account. Might be nice for Steam to consider something similar, that way to uninstall you can just delete that user account and be done with it...
(Score: 0) by Anonymous Coward on Friday January 16 2015, @11:38PM
[I am the parent poster]
...If I understand what happened here, that wouldn't have helped at all [...] Then on uninstall, it checks root, finds that file, and happily proceeds to nuke your entire system. Might work if the directory was properly set during install and then unset somewhere since then though.
I don't see a technical problem with what I previously described; the conclusions in your answer would only exist if the programmer in question is the type I would describe as an "I DON'T GIVE A FUCK" PIECE OF WORTHLESS SHIT. I really do not expect to see this type of programmer working for STEAM.
So using your case, let's say the text file dont-delete-2015011704540053.txt was written to root at installation.
When the time came to uninstall/delete the parent folder of the text file, the script logic would be something like this pseudo batch code:
As I said before, using "if else" conditional logic a normal programmer will not have a problem deleting the directory safely, and if the deletion fails then the user gets a verbose troubleshooting popup message. This programmer who wrote this deletion script looks to have less brains than me AND I AM NOT EVEN A PROGRAMMER!!
(Score: 0) by Anonymous Coward on Saturday January 17 2015, @08:55AM
Jesus fuck. Fuck off
(Score: 0) by Anonymous Coward on Saturday January 17 2015, @03:30PM
you fucking cunt!...You clicked reply just to say that terse shit !!
I put effort into that post !! I stopped my day to compose all those words !!
I would squeeze your neck E X T R A F U C K I N G H A R D if you stood in front of me COCKBREATH !!!