Hacker Read

pmarreck · 2019-07-07 17:20:33+00:00

It's because rm -rf "$STEAMROOT/"* will evaluate as rm -rf "/"* if $STEAMROOT for some reason is blank or unset, which is what happened here. (As someone in that discussion mentioned, a little more Bash knowledge might have suggested using rm -rf "${STEAMROOT:?}/"* instead, to force it to (at least) error if it is empty or unset.)

SAI_Peregrinus | karma 5632 | avg karma 2.07 · | 2021-11-09 12:39:32

That's why I always use :? with rm in bash scripts. eg

    rm -rf "${STEAMROOT:?}/"*

Will exit with error instead of running rm if STEAMROOT is unset. Even if used inside a conditional.

Alupis | karma 14032 | avg karma 2.49 · | 2015-01-16 02:11:05+00:00

> Would this have stopped things getting deleted?

No. "${STEAMROOT}" will contain something when the "rm" command runs. It just might not be what's expected.

> STEAMROOT="$(cd "${0%/*}" && echo $PWD)"

reply

kazinator | karma 30751 | avg karma 1.78 · | 2015-01-15 18:43:31

   rm -rf "$STEAMROOT/"*

This is why serious bash scripts use

   set -u # trap uses of unset variables

Won't help with deliberately blank ones, of course.

Scripting languages in which all variables are defined if you so much as breathe their names are such a scourge ...

I did this once in a build script. It wiped out all of /usr/lib. Of course, it was running as root! That machine was saved by a sysadmin who had a similar installation; we copied some libs from his machine and everything was cool.

reply

kevan | karma 1791 | avg karma 4.62 · | 2015-03-23 23:59:14

Agreed, I should've elaborated. All it takes is something like this in the init script without checking if the variable is empty:

    rm -rf "$STEAMROOT/"*

matheusmoreira | karma 22085 | avg karma 2.63 · | 2020-05-02 23:45:22+00:00

  rm -rf "$STEAMROOT/"*

Yes. I have bookmarked this issue as a reminder to always read every single shell script before execution.

enneff | karma 14420 | avg karma 6.76 · | 2015-01-16 00:49:12+00:00

But why would the script prompt for user input unless something was awry? Presumably they control the contents of $STEAMROOT, so I don't see why rm -r should prompt unless it's about to do the wrong thing.

LyndsySimon | karma 4208 | avg karma 1.98 · | 2017-03-23 08:17:29

From reddit:

> It's actually rm -rf /bin.

> Seems to be caused by the same reason as the famous Steam bug - using an undefined variable. Plus the default bash behavior that simply ignores the fact that it doesn't exist and treats it like an empty string.

> tl;dr flamebait: The Unix way™ of "everything is just text" strikes again. (EDIT: yes this a gross over-generalization)

source: https://www.reddit.com/r/programming/comments/610z2f/858521_...

reply

vortico | karma 5453 | avg karma 3.42 · | 2017-07-18 20:22:34

This is about the third time this has happened in this thread. What's the reason for writing the final "/" and not just `rm -rf $(SOME_TEMP_DIR)`?

AnssiH | karma 1595 | avg karma 2.81 · | 2019-04-10 17:48:03+00:00

GNU rm only catches "/". The Steam issue was for /* which is expanded by the shell.

CodesInChaos | karma 2869 | avg karma 2.97 · | 2020-04-29 15:51:34+00:00

That one doesn't work on systems which disallow deleting `/` unless you pass `--no-preserve-root`. But `rm -rf `${VARIABLE}/*` still does, and that's what steam did.

trickstra | karma 672 | avg karma 1.61 · | 2020-10-01 18:15:47

My teammate a couple years ago was writing a script that needed to clear a working directory, so `rm -rf $path/*`. He ran it during debugging and found one mistake - at some point the $path variable came in empty......

kazinator | karma 30751 | avg karma 1.78 · | 2014-08-20 20:19:27+00:00

I once did

    rm -rf $PREFIX/usr/lib

in a Bash script being run as root. PREFIX was misspelled, and set -u was not in effect, so the misspelled variable silently expanded to nothing ...

Aissen | karma 14537 | avg karma 8.02 · | 2015-03-24 05:29:23

rm -rf -- $EMPTY_VAR/*

Ooops.

reply

necovek | karma 3657 | avg karma 1.39 · | 2021-09-01 02:54:18

Nobody mentions that 'rm -rf' is considered dangerous due to frequent problems in variable substitution when done in scripts and such: this is the most common source of issues with it afaik (eg. 'rm -rf /$mypath' will nuke everything if mypath is empty).

colanderman | karma 15615 | avg karma 3.76 · | 2015-01-16 00:10:06+00:00

    # Scary!
    rm -rf "$STEAMROOT/"*

Anybody who writes a line like this deserves their software engineer license revoked. This isn't the first time I've seen shit like this (I've seen it in scripts expected to be run as root, no less); it makes my blood boil.

Seriously. "xargs rm -df -- < MANIFEST" is not that hard.

EDIT: I shouldn't be so harsh, if it weren't for the comment admitting knowing how poor an idea this line is.

reply

laurent123456 | karma 6376 | avg karma 5.53 · | 2014-04-16 07:55:44

Wow, nounset or not, doing a `rm -rf` on a variable without any check is quite irresponsible. Especially if they expect the script to be run as sudo.

cobbzilla | karma 2370 | avg karma 3.03 · | 2017-01-17 17:10:38+00:00

or perhaps it was the dreaded "rm -rf ${DIR}/*" when $DIR is not defined.

DougBTX | karma 4497 | avg karma 2.54 · | 2015-01-19 10:27:05+00:00

The Steam line was more like ` rm -rf $VAR/* `, eg, they didn't want to delete the $VAR directory. Still, ` rm -rf /* ` is no fun.

AdmiralAsshat | karma 23050 | avg karma 6.82 · | 2016-04-14 15:42:38+00:00

This question that went unanswered in the replies bears repeating:

Any idea why the command actually ran? If $foo and $bar were both undefined, rm -rf / should have errored out with the --no-preserve-root message.

The only way I can think of that this would have actually worked on a CentOS7 machine is if $bar evaluated to , so what was run was rm -rf /.

As the above notes, I'm pretty sure recent versions of Redhat/CentOS actually protect against this sort of thing.

On the offchance you're not running a recent server, however, this could also be avoided by using `set -u` in the bash script, as it would cause undefined variables to error out.

reply