From a technical standpoint, Digital Rights Management is a WTF- it’s a crypto system which requires the user to have access to the key, and simply hopes to make getting the key out of the device too cumbersome to be worth a pirate’s time. The shoddy technical reasoning behind it sometimes leads to shoddy technical implementations.

Benjamin tried to help a friend install a DRM client on their machine. The installer continuously failed, and perhaps foolishly, Benjamin decided to run it with elevated permissions. After restoring from backup, Benjamin cracked open the installer and looked at some of the shell scripts that it ran.

#! /bin/sh

rm -rf "$3/$2"
rm -rf "$4/$2"
tar -C "$3" -xjf "$1"
if [ -e "$3/$2/Contents/MacOS/DcpMonitor" ]; then
   chmod 755 "$3/$2/Contents/MacOS/DcpMonitor"
   chmod u+s "$3/$2/Contents/MacOS/DcpMonitor"
   chown root:wheel "$3/$2/Contents/MacOS/DcpMonitor"
if [ -e "$3/$2/Contents/MacOS/DcpMonitor32" ]; then
   chmod 755 "$3/$2/Contents/MacOS/DcpMonitor32"
   chmod u+s "$3/$2/Contents/MacOS/DcpMonitor32"
   chown root:wheel "$3/$2/Contents/MacOS/DcpMonitor32"
if [ -e "$3/$2/Contents/MacOS/DcpMonitor64" ]; then
   chmod 755 "$3/$2/Contents/MacOS/DcpMonitor64"
   chmod u+s "$3/$2/Contents/MacOS/DcpMonitor64"
   chown root:wheel "$3/$2/Contents/MacOS/DcpMonitor64"
if [ -e "$3/$2/Contents/MacOS/DcpMonitorKill" ]; then
   chmod 755 "$3/$2/Contents/MacOS/DcpMonitorKill"
   chmod u+s "$3/$2/Contents/MacOS/DcpMonitorKill"
   chown root:wheel "$3/$2/Contents/MacOS/DcpMonitorKill"
echo "DONE"

A few logging messages made it clear exactly what had gone wrong- the binary which was supposed to trigger the shell script had forgotten to pass any parameters. rm -rf "$3/$2", after variable substitution, executed rm -rf "/", which is a wonderfully concise way to ruin someone’s day.

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!