Main Area and Open Discussion > Non-Windows Software

*NIX - Problem with Steam shellscript may delete user files

(1/2) > >>

40hz:
This from The Register:

Scary code of the week: Valve Steam CLEANS Linux PCs (if you're not careful)
Dodgy shell script triggers classic rm -rf /

17 Jan 2015 at 12:00, Shaun Nichols

Linux desktop gamers should know of a bug in Valve's Steam client that will, if you're not careful, delete all files on your PC belonging to your regular user account.
.
.
.
The issue was traced to a shell script variable that's supposed to contain a filesystem path, but can end up empty if Steam's files are moved or missing, and is passed as an argument to rm -rf.
--- End quote ---

Soon to be fixed no doubt - but still something to be aware of until it is. Full article here.
 :tellme:

ewemoa:
Woa.

40hz:
^ Yeah. Except the first word that popped into my head wasn't 'woa.'

Deozaan:
Yikes!

TaoPhoenix:

As a newbie question, I am responding to these bits:

-----------

# Scary!
rm -rf "$STEAMROOT/"*

Yes, $STEAMROOT can end up being empty, but no check is made for that. Notice the # Scary! line, an indication the programmer knew there was the potential for catastrophe.

-----------------------

So is this a bug?! Or a hack?

How does a line like "rm -rf "$STEAMROOT/"*" even begin to have a legit purpose?

And then how does a programmer label something "scary" and do nothing about it?

I'm missing the meta-story here. Given the number of "blah" security reports on random "vulnerabilities", wouldn't this rocket to the top of someone's to-do list to investigate?

Did someone bulldoze the programmer, who then felt trapped and the best be could do was add "scary", counting on the tech media to somehow do an end-run fix?

Navigation

[0] Message Index

[#] Next page