Announcement

**uid313** · 17 March 2016, 08:55 AM

Be careful to not do a rm -rf / because that would erase files from /sys/efi and /efi, and this could brick your computer.

**ssokolow** · 17 March 2016, 09:36 AM

Originally posted by uid313 View Post

Be careful to not do a rm -rf / because that would erase files from /sys/efi and /efi, and this could brick your computer.

...or just have enough history of risk-averseness to have a BIOS-based desktop and an ARM palmtop with unbrickable booting while you wait for people to come to their senses a bit.

**Mystro256** · 17 March 2016, 09:39 AM

Originally posted by uid313 View Post

Be careful to not do a rm -rf / because that would erase files from /sys/efi and /efi, and this could brick your computer.

I still don't understand why someone would need to do this.

**bug77** · 17 March 2016, 09:47 AM

Originally posted by Mystro256 View Post

I still don't understand why someone would need to do this.

And again, it's not about someone doing this on purpose.
Imagine someone runs a clean up script that has something like 'rm -rf ${tmpFolder}/', only for some reason tmpFolder was not set and the script was run with superuser privileges.
Either way, it's beyond idiotic to allow for deletion of a file (any file) to leave a whole system unable to boot. Back I was introduced to the PC, a clean OS install meant running deltree on C:\, rebooting and inserting the OS install disks.

**Ericg** · 17 March 2016, 10:55 AM

Originally posted by Mystro256 View Post

I still don't understand why someone would need to do this.

Some people do it just to see what happens.

Some people have a typo in their script (as pointed out by bug77)

Sometimes malicious people do in fact get in, and want to cause problems for you.

Sometimes malicious people do in fact get in, want to hide their tracks, and have a typo in a cleanup script/command.

**tigerroast** · 17 March 2016, 11:04 AM

Originally posted by uid313 View Post

Be careful to not do a rm -rf / because that would erase files from /sys/efi and /efi, and this could brick your computer.

Nah, it's cool. I'll just pop the live USB stick in and do a clean install.

Seriously, why (or, more importantly, how) someone would/could do this is beyond me.

Originally posted by bug77 View Post

And again, it's not about someone doing this on purpose.

Novices don't know enough to even do something like this, and power-users should know better.

Imagine someone runs a clean up script that has something like 'rm -rf ${tmpFolder}/', only for some reason tmpFolder was not set and the script was run with superuser privileges.
Either way, it's beyond idiotic to allow for deletion of a file (any file) to leave a whole system unable to boot. Back I was introduced to the PC, a clean OS install meant running deltree on C:\, rebooting and inserting the OS install disks.

Well, if there's any silver lining, it's that this could be a great way to make servers abide to the UNIX philosophy more. By allowing the computer to behave in such a way that allows the deletion of critical files, an attacker that gains superuser privledges could take down the server permanently. Fail and fail loudly!

Perhaps the more security-minded sysadmins will write-protect those system files. Man, I wish all sysadmins already did that...

**uid313** · 17 March 2016, 11:23 AM

Originally posted by tigerroast View Post

Nah, it's cool. I'll just pop the live USB stick in and do a clean install.

Seriously, why (or, more importantly, how) someone would/could do this is beyond me.

Well maybe someone want to wipe everything from their disk. Or did it by mistake.
On a BIOS system, this would just wipe the disk.
On a UEFI system, this would reset the EFI variables and brick the computer.

**Mystro256** · 17 March 2016, 11:46 AM

Originally posted by bug77 View Post

And again, it's not about someone doing this on purpose.
Imagine someone runs a clean up script that has something like 'rm -rf ${tmpFolder}/', only for some reason tmpFolder was not set and the script was run with superuser privileges.
Either way, it's beyond idiotic to allow for deletion of a file (any file) to leave a whole system unable to boot. Back I was introduced to the PC, a clean OS install meant running deltree on C:\, rebooting and inserting the OS install disks.

Hold on, isn't that what the no-preserve-root flag is for? I was under the impression that rm -rf / would not work without this flag.

**bug77** · 17 March 2016, 11:55 AM

Originally posted by Mystro256 View Post

Hold on, isn't that what the no-preserve-root flag is for? I was under the impression that rm -rf / would not work without this flag.

This guy managed to do it despite no-preserve-root: http://serverfault.com/questions/587...-preserve-root
The thing is, you can't protect against all malicious use/misuse no matter how hard you try. Therefore, the sane thing to do is minimize the number of attack vectors (i.e. files that once deleted can brick a system). After all, I can wipe the Windows partition and the computer will still work. Why should Linux be any different?

Announcement

EFI Security Improvements & More For Linux 4.6

EFI Security Improvements & More For Linux 4.6

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment