The theme contained rm -rf, but claims it wasn’t malicious intent…I assume rm -rf for cleanup, but seems like it should have a apecific path other than /
When I worked at Pixar long ago an intern had a cron job that was intended to clean up his nightly build and ended up deleting everything on the network share for everyone!
Fortunately there were back-ups and it was fine, but that day was really hilariously annoying while they tracked down things disappearing.
Was that the infamous Toy Story 2 incident?
Amusingly enough, no.
This was after Toy Story 3 released but before Brave.
Oof
The command was rm -rf $pathvariable
Bug in the code caused the path to be root. Wasn’t explicitly malicious
Was it a native theme or a downloaded/custom theme?
Custom download
Downloaded from the KDE store
Thank you. I couldn’t get google translate to work for me.
That reminds me…
In circa 1995 I was running a dial upBBS service – as a teenager. So if course, it was full of bootlegged video games and such, and people would dial in, download a game, log off.
Someone uploaded Descent or something like that. But they had put "deltree /y C:" or similar into a batch file, used a BAT2COM converter program, then a COM2EXE program, then padded the file size to approximately the right size with random crap (probably just using APPEND)… And uploaded it. Well, fortunately for the rest of my users, I say the game and said: oh, that’s neat, I should try it and copied it to another computer over my internal network and launched it. It started deleting files right away and I hit CTRL-C to abort. I lost only a few dozen files.
Banned the user, deleted the package. Got lucky.
Trust but verify. It was a text file, it doesn’t get much easier to do the second step of that.
… in which case you would have seen that they delete a path referenced by an env var being set earlier.
How likely do you think it would have been to notice, that this env var will turn up empty in your specific case?
A theme that deleted anything would have been enough of a red flag.
The Gray Layout installation script ran the
rm -rfcommand, which normally removes all files from the deviceTranslation difficulties, or does the author really think that’s what it’s normally used for?
I wonder how much would break, and how much time it would take to update everything, if all shells decided to implement a breaking change to prevent these kind of scenarios. E.g. make “set -u” default or some other solution
wiped clean?
It is windows users that pretend to be linux user.
They are root.
Click bait
Hetken jo ajattelin, että mitä hiivatin noituutta nämä Suomeksi olevat konekääntäjän tekstit ovat olevinaan.
A theme is software and software has bugs. While this one had a pretty dramatic effect, you take basically the same risk with every program you run. This, along with hardware and user errors are why backups are so important; they change a disaster to an inconvenience.
/ Preach mode off
A windows device just wiped the hardware settings of a periphery device, because it got an update and the new lighting settings wanted to control the LEDs in that device. All gone
SIDPlay did something similar on the Mac.
It has the neat built-in feature of rsyncing the high voltage SID collection to your computer.
However, if you deleted your local copy of it and tried to re-sync it’d update (with deletes) against
/instead. Bye bye files.
