rm -rf ${var}/
is a disaster waiting to happen. Always do
rm -rf "${var:?}/"
so that the script aborts if the variable is empty. Or better yet
rm -rf "./${var:?}/"
Edited to add quotes. Always quote a path: it might have spaces in it, without quotes that will become multiple paths! Which would also have avoided the particular bug in question.
In this case the issue was that a change between kde5 and kde6 led to the variable being defined as
somepath /
(notice the space).
And that’s why you also surround it with double quotes.
Is there not also a way to disallow empty variables in the script, I think it is
set -u
? Then you don’t have to keep thinking “should I add a :? here because if empty it may lead to disaster” all the time. Might be even safer.
set -euo pipefail
at the top of every script makes stuff a lot safer. Explanation here.
Yep! I always do this too.
TL;DR:
e
aborts the whole script on a non-zero error.
u
aborts when using an undefined variable.
-o pipefail
aborts a piped compound command when one of the piped commands fails.
Any other way lies madness. Or erasing the whole filesystem apparently!
Yes! But
-u
is for undefined variables. It won’t stop a defined variable with an empty value. E.g.
foo=""
Also
?
and
:?
have the advantage of telling you right then and there where the variable use is that it must be defined or not empty… having to trek back to (likely) the top of the script to check is easily forgotten.
I usually have a whole block that checks if the var exists and exits if not, but this is way more elegant
Protects you from accidentally changing the variable within the block too!
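Added example, not part of any comment in this thread and not code from the theme or from KDE: it runs the guards discussed above (no guard, set -u, ${var?}, ${var:?}) against an unset and an empty variable, and shows what quoting changes for the value "somepath /". The function names are made up for this demo, and printf stands in for rm so nothing is deleted.

```shell
#!/bin/sh
# Constructed demo. Nothing is deleted: printf stands in for rm and only
# reports the argument(s) rm would have been given.

# would_delete GUARD STATE
#   GUARD: none | set-u | '?' | ':?'     STATE: unset | empty
# Prints the path rm would receive, or "aborted" if the guard stopped the script.
would_delete() {
    (
        set +u; unset var
        if [ "$2" = empty ]; then var=""; fi
        case $1 in
            none)  printf '%s\n' "${var}/" ;;
            set-u) set -u; printf '%s\n' "${var}/" ;;
            '?')   printf '%s\n' "${var?}/" ;;
            ':?')  printf '%s\n' "${var:?}/" ;;
        esac
    ) 2>/dev/null || echo aborted
}

# show_args ARG...: print each argument in its own brackets.
show_args() {
    for a in "$@"; do printf '[%s]' "$a"; done
    echo
}

# args_seen unquoted|quoted VALUE: the separate paths rm would see.
args_seen() {
    (
        var=$2
        if [ "$1" = quoted ]; then
            show_args "${var}/"
        else
            show_args ${var}/      # deliberately unquoted: word splitting applies
        fi
    )
}

for guard in none set-u '?' ':?'; do
    for state in unset empty; do
        printf '%-6s %-6s -> %s\n' "$guard" "$state" "$(would_delete "$guard" "$state")"
    done
done
printf 'unquoted -> %s\n' "$(args_seen unquoted 'somepath /')"
printf 'quoted   -> %s\n' "$(args_seen quoted 'somepath /')"
```

Only ${var:?} stops the empty-but-defined case; set -u and ${var?} both let "/" through, and the unquoted expansion hands rm two paths, the second being "//".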
Reminds me of old bumblebee install script:
An extra space at line 351: rm -rf /usr /lib/nvidia-current/xorg/xorg
Yikes
A Linux user’s nightmare: the machine was wiped clean with one click
Timo Tamminen
One day a Linux user using KDE Plasma decided to download a generic theme for his desktop environment. This is possible with Plasma’s built-in tool, through which you can download anything from themes to icons and wallpapers.
Installing themes using Plasma’s tool is easy and fast. It practically only requires one click. This time, however, the user in question certainly wishes that that one click had not been completed.
Namely, installing the theme called Gray Layout wiped the machine completely empty of the user’s personal files. Without asking anything.
Although the theme developer’s intention this time was apparently not malicious, the accident was a clear indication that installing third-party themes without careful supervision can be a bad mistake. With the theme, almost anything can be installed in the user’s home directory.
The Gray Layout installation script ran the rm -rf command, which normally removes all files from the device, making the command particularly dangerous to use. However, without root access, it can only cause limited damage.
Reddit user Jeansen Vaars says that he lost all his games, settings files, browser history and other contents of his home directory in a crash.
The unofficial face of KDE, Nate Graham, apologizes for what happened. He promises that the matter will be thoroughly investigated. The theme in question has also been removed from the theme store.
The Gray Layout installation script ran the rm -rf command, which normally removes all files from the device
Translation difficulties, or does the author really think that’s what it’s normally used for?
It’s an accurate translation. Mikrobitti is a generic computer magazine (with a long history) so it could either be that the author is not very familiar with Linux cli or it might also be that they were trying to put it in layman’s terms.
A theme is software and software has bugs. While this one had a pretty dramatic effect, you take basically the same risk with every program you run. This, along with hardware and user errors are why backups are so important; they change a disaster to an inconvenience.
/ Preach mode off
A theme is software and software has bugs
I honestly did not know that KDE themes contained executable code. When I think “theme”, I think of cosmetic settings that plug into an existing program, which I would hope sanitizes its input and does NOT execute arbitrary code. I don’t think “arbitrary executable code running as root”.
I’m assuming KDE warns you about this when you try to install a theme, right? I’m not at my KDE system to test at the moment. I did try downloading a theme tar from the web site, and it doesn’t seem to contain any code — just SVG files, a colors config file, and a metadata file.
Breeze, for example, contains a lot of code. For instance
A windows device just wiped the hardware settings of a periphery device, because it got an update and the new lighting settings wanted to control the LEDs in that device. All gone
That’s what good backups are for.
I image all my PCs daily with Veeam, bootable media is on my Ventoy USB stick, and restoring is easy as you just boot up the restore media and it pulls the latest backup over the network.
Click bait
wiped clean?
It is windows users that pretend to be linux user.
They are root.
For a moment I was wondering what kind of damn witchcraft these machine-translated texts in Finnish were supposed to be.
That reminds me…
In circa 1995 I was running a dial-up BBS service – as a teenager. So of course, it was full of bootlegged video games and such, and people would dial in, download a game, log off.
Someone uploaded Descent or something like that. But they had put "deltree /y C:" or similar into a batch file, used a BAT2COM converter program, then a COM2EXE program, then padded the file size to approximately the right size with random crap (probably just using APPEND)… And uploaded it. Well, fortunately for the rest of my users, I saw the game and said: oh, that’s neat, I should try it and copied it to another computer over my internal network and launched it. It started deleting files right away and I hit CTRL-C to abort. I lost only a few dozen files.
Banned the user, deleted the package. Got lucky.