• (cs)

    By "DRM Client" did you mean "EVE Online"?

  • (cs) in reply to josefx
    josefx:
    a WTF implementation of rm.
    It’s BSD rm.
    josefx:
    GNU rm requires an additional flag to delete the root dir and afaik from a posix point of view rm is not allowed to delete a parent directory of the rm executable.
    That might not prevent the commands in the install script from ruining your day, depending on when exactly it checks.
  • No MS Here (unregistered) in reply to operagost
    operagost:
    Old school approach... ISVs basically ignored Microsoft's broken security model and continued assuming the user had full privileges to even RUN programs, not to mention install them, until Vista came out.

    FTFY.

    "laoreet" -- That system admin is at it again!

  • faoileag (unregistered) in reply to QJo
    QJo:
    Apologies, you misunderstand. I wasn't claiming that this is what *ought* to happen, more likely what probably *would* happen
    Well, you must admit it was easy to misunderstand :-)

    I was lucky so far - all companies I have worked for accepted that to make mistakes is human, nobody threw things around or gave an army drill inspector impersonation.

    That is not to say they didn't care - if you would have made the same mistake over and over again, they would have given you the friendly advice to seek employment elsewhere or would have sacked you right away.

    But all team leads or department heads knew that the first weeks into a new job you need some puppy licence, especially if you come from some completely different field of software development (lousiest experience: spending most of an unwanted Saturday shift watching a five-hour recompile taking place due to a wrong call of the build script).

    QJo:
    This sort of script is the sort of thing which rarely makes it to code review.
    Actually, thinking about it again, TRWTF is that the shell script exists at all. A binary having to call a shell script to set modes and ownership of a couple of files? What a roundabout way to do things! Even on a Mac, you could probably do this from the binary as well.
  • Alrim (unregistered)

    I just have that kind of time ...

    I just spent 12 hours rebuilding my production server which hosts all websites of my clients: a typo in the new backup script ruined my night and the beginning of the day.

    Instead of replicating the entire server tree to an empty folder on a NAS via ftp, he copied the structure of the empty folder to my server.

    I've realized that after 15 seconds, but it was too late ... Missing /usr/bin and several other pretty things ...

  • S (unregistered)

    My favorite was a script that changed into a particular directory, and ran "rm -rf *" to remove the contents. Unfortunately, the script didn't allow for the possibility that the directory might not exist, the "cd" might fail, and that as a result, it would remove the contents of whatever directory the user was in when they ran it.

  • ¯\(°_o)/¯ I DUNNO LOL (unregistered) in reply to faoileag
    faoileag:
    Actually, thinking about it again, TRWTF is that the shell script exists at all. A binary having to call a shell script to set modes and ownership of a couple of files? What a roundabout way to do things! Even on a Mac, you could probably do this from the binary as well.
    People not understanding how to do basic file management functions and instead using the system() call with a shell command string are a bountiful source of WTFs of the Bobby Tables type, especially for really simple stuff like deleting a file or changing file permissions, or even starting another program. One stray semicolon and you can run any command you want. If you're lucky, the crapware that's doing this is even chown root.

    In a project I did last year that didn't go anywhere (but many of the code improvements were merged back into a 2.0 of the previous project), it ran under Linux, and the only time I called up another binary was to set the system hardware clock. That was in a separate binary specifically to keep the chown root stuff limited in scope (and so I didn't have to dick with 'sudo chown root' every time I built the main project), and it was started with an execl() call.

  • (cs) in reply to faoileag
    faoileag:
    Fritz:
    I like Benjamin's a.k.a. Benjamo's "HEY THIS THING DOESN'T WORK SO IT'S OBVIOUSLY BADLY CODED; LET'S JUST GIVE IT MORE PRIVILEGES LOL" approach.
    Standard mode of operation in the windows world. Oracle's Java updater can't even check for updates without escalated privileges.

    And also not unheard of in the linux world. Unless you use a packet manager, the standard way to get things done is get the sources and install from them. There the standard goes like "configure; make; make install" and while you can perform the first two steps as a normal user, the last one usually requires root privileges.

    The easy solution to that is to just not install Java in the first place.

  • Tux "Tuxedo" Penguin (unregistered) in reply to thome
    thome:
    The WIDComm Bluetooth drivers are notorious (at my workplace at least) in that uninstalling them does pretty much exactly that: it removes everything from the C: drive.

    Then DON'T uninstall them. And thank Microsoft for making such a fragile system.

    Captcha - wisi. I am wisi Penguin so listen to me.

  • (cs) in reply to Tux "Tuxedo" Penguin
    Tux "Tuxedo" Penguin:
    thome:
    The WIDComm Bluetooth drivers are notorious (at my workplace at least) in that uninstalling them does pretty much exactly that: it removes everything from the C: drive.

    Then DON'T uninstall them. And thank Microsoft for making such a fragile system.

    Captcha - wisi. I am wisi Penguin so listen to me.

    Much, muuuuuuuch more fragile than the system described in today's article.

  • Tux "Tuxedo" Penguin (unregistered) in reply to Jim Blog
    Jim Blog:
    Although at least most configure scripts at least allow you to specify an alternate installation location - somewhere you can write to without needing root. Software that's only available as RPM is a pain, because without root you literally cannot use it.

    Ark (KDE's archiving tool) can open RPMs and unpack them to the directory you want (even a subdir of /home) so your argument is invalid. You'll need to fiddle a bit with env variables, but you should be able to get it working.

  • Tux "Tuxedo" Penguin (unregistered) in reply to chubertdev
    chubertdev:
    faoileag:
    Fritz:
    I like Benjamin's a.k.a. Benjamo's "HEY THIS THING DOESN'T WORK SO IT'S OBVIOUSLY BADLY CODED; LET'S JUST GIVE IT MORE PRIVILEGES LOL" approach.
    Standard mode of operation in the windows world. Oracle's Java updater can't even check for updates without escalated privileges.

    And also not unheard of in the linux world. Unless you use a packet manager, the standard way to get things done is get the sources and install from them. There the standard goes like "configure; make; make install" and while you can perform the first two steps as a normal user, the last one usually requires root privileges.

    The easy solution to that is to just not install Java in the first place.

    Then how will I play Minecraft when recompiling my kernel on another machine?

  • Evan (unregistered) in reply to Tux "Tuxedo" Penguin
    Tux "Tuxedo" Penguin:
    Jim Blog:
    Although at least most configure scripts at least allow you to specify an alternate installation location - somewhere you can write to without needing root. Software that's only available as RPM is a pain, because without root you literally cannot use it.

    Ark (KDE's archiving tool) can open RPMs and unpack them to the directory you want (even a subdir of /home) so your argument is invalid. You'll need to fiddle a bit with env variables, but you should be able to get it working.

    In general you're right -- but the occasional program actually builds the installation root into the program so it knows where to look for subsidiary files it needs and doesn't provide an alternative way to specify it. But in general, you're right.

    That being said, package managers generally don't work without root, which means you're back into the land of resolving dependencies manually unless you have one of the exceptions available. Which is about as fun as amputating your leg with a rusty fork.

  • Smacky (unregistered) in reply to faoileag
    faoileag:
    Zacrath:
    faoileag:
    What, no unicorns???
    If you do see unicorns,,, then you are probably high.
    For the last couple of months or so all Remy Porter articles had a "cornify" link in it. This is the first one that doesn't.
    You must be new here.....the unicorns have been there a lot longer than a couple of months.....I reckon they've been there almost since Remy started writing these articles....and I'm pretty sure he's been there longer than a couple of months or so....
  • vhasd;o (unregistered) in reply to Jim Blog
    Jim Blog:
    faoileag:
    And also not unheard of in the linux world. Unless you use a packet manager, the standard way to get things done is get the sources and install from them. There the standard goes like "configure; make; make install" and while you can perform the first two steps as a normal user, the last one usually requires root privileges.

    Although at least most configure scripts at least allow you to specify an alternate installation location - somewhere you can write to without needing root. Software that's only available as RPM is a pain, because without root you literally cannot use it.

    yes, it's rooted.

  • Neoculture (unregistered)

    Well, that brought back some memories. I remember during my days at University I wrote a little shell script called "rr" (Russian roulette). When invoked, it would look up all executables you had access to (binaries, scripts, etc), pick one at random and execute it with the parameters "-rf /".

    Yes, this was before the "rm" sanity checks were introduced.

  • Curiosity (unregistered)

    Were they installing Barmin's patch?

  • (cs) in reply to Steve The Cynic
    Steve The Cynic:
    faoileag:
    For the last couple of months or so all Remy Porter articles had a "cornify" link in it. This is the first one that doesn't.
    s/months/years/ and: s/couple of/six/
    Because s/couple of months/six years/ would have been too simple?
  • Emu (unregistered) in reply to Juho AKA Juhoo
    Juho AKA Juhoo:
    Jim Blog:
    Software that's only available as RPM is a pain, because without root you literally cannot use it.

    Surely this can't be true? I'm too lazy to check now (busy... ehm compiling) but there must be something like "dpkg-deb -x test.deb testdir" that lets you unpack the rpm wherever you want.

    There is - http://www.rpm.org/max-rpm-snapshot/s1-rpm-install-additional-options.html

    You may run into problems if the package maintainer didn't take into account that you can do that and used hardcoded paths in the setup scripts...

  • Shachar (unregistered)
    chmod 755 "$3/$2/Contents/MacOS/DcpMonitorKill"
    chmod u+s "$3/$2/Contents/MacOS/DcpMonitorKill"
    chown root:wheel "$3/$2/Contents/MacOS/DcpMonitorKill"

    That code does not do what it appears to want to do.

    First of all, there is no reason for two separate chmods. "chmod 4755..." would do them both.

    The other thing is that, at least on Linux, "chown" resets the SUID bit, which means that the second line is canceled by the third.

    Shachar
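
The ordering point in the comment above, as an added shell example (not code from the article or its installer): the quoted order next to an order that sets ownership first and then verifies the result. The function names and arguments are hypothetical, and whether `chown` clears the set-user-ID bit in the quoted order depends on the platform.

```shell
#!/bin/sh
# Added example. Function names and the FILE / OWNER:GROUP arguments are
# hypothetical; nothing here is taken from the installer itself.

# Order used in the snippet quoted above: mode bits first, ownership last.
# Where chown clears set-user-ID, the file ends up without the bit.
apply_quoted_order() {
    chmod 755 "$1" && chmod u+s "$1" && chown "$2" "$1"
}

# Corrected order: ownership first, then one chmod for mode plus setuid
# (4000 + 755 = 4755).
apply_fixed_order() {
    chown "$2" "$1" && chmod 4755 "$1"
}

# install_setuid_helper FILE OWNER:GROUP
# Returns 0 only if FILE was processed and still carries set-user-ID.
# Returns 2 on bad input, 1 if chown/chmod fail or the bit is missing.
install_setuid_helper() {
    file=${1:-}
    owner=${2:-}
    if [ -z "$file" ] || [ -z "$owner" ]; then
        echo "usage: install_setuid_helper FILE OWNER:GROUP" >&2
        return 2
    fi
    # Refuse symlinks and anything that is not a regular file, so the
    # privileged bits cannot land on an unexpected target.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "install_setuid_helper: not a regular file: $file" >&2
        return 2
    fi
    apply_fixed_order "$file" "$owner" || return 1
    # Verify instead of assuming: test -u is true only if setuid is set.
    if [ ! -u "$file" ]; then
        echo "install_setuid_helper: setuid bit missing on $file" >&2
        return 1
    fi
}
```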

  • (cs)

    So what's wrong with it? From a DRM perspective it's perfect: No one will be copying anything with that system after the install.

  • harry (unregistered)

    https://github.com/MrMEEE/bumblebee-Old-and-abbandoned/commit/a047be85247755cdbe0acce6f1dafc8beb84f2ac

  • html nazi (unregistered) in reply to Fritz, a.k.a. Fritzo

    What wasn't stated is that Benjamo's friend was the president's daughter. He wanted to quickly impress her and didn't have no time to do no investigation (she's sick, remember).

    So he quickly attempted 'sudo make me a sandwich'. Hilarity ensues. Hilarity quickly ceases as TPD is still sick (is her sickness related to the DRM? Is it a DRM sickness? Is the cure "protected" by DRM? We need answers!).

    CAPTCHA: validus - running unknown stuff as root is solution validus only when in emergency

  • faoileag (unregistered) in reply to Smacky
    Smacky:
    faoileag:
    For the last couple of months or so all Remy Porter articles had a "cornify" link in it. This is the first one that doesn't.
    You must be new here.....the unicorns have been there a lot longer than a couple of months.....I reckon they've been there almost since Remy started writing these articles....and I'm pretty sure he's been there longer than a couple of months or so....
    There's a logical flaw in your reasoning: the date of first reading articles on TDWTF and the date of noticing hidden unicorns in some of them might differ, and differ wildly ;-)
  • faoileag (unregistered) in reply to Scarlet Manuka
    Scarlet Manuka:
    Steve The Cynic:
    faoileag:
    For the last couple of months or so all Remy Porter articles had a "cornify" link in it. This is the first one that doesn't.
    s/months/years/ and: s/couple of/six/
    Because s/couple of months/six years/ would have been too simple?
    Because he wanted to make a point?

    I actually liked Steve's reply, regexes are much more concise than calls like "months".replace("years").

  • Tzafrir Cohen (unregistered) in reply to Andrew Stein
    Andrew Stein:
    csh/tcsh always throw an error when accessing unset variables. For all the heat csh/tcsh take, this is a *great* feature.

    $ tcsh

    echo $problem
    problem: Undefined variable.

    This annoyed me on tcsh when I used it (long ago).

    If you want to use it with bash: set -u (or the longer form: set -o nounset).

  • Wfd (unregistered)

    At my current job a vendor script did rm -f $x/* without x defined.

    At my first job, "I knew something was wrong when I typed vi and it said command not found." done by the actually very smart daughter of the company owners on a dev box, fortunately.
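
The failure modes described in the comments above (a `cd` that fails before `rm -rf *`, and `rm -f $x/*` with `x` unset) handled in one guarded helper. This is an added example, not code from any script mentioned in the thread; the name `clean_dir` and its return codes are hypothetical.

```shell
#!/bin/sh
# Added example: guarded "empty this directory" helper. The name clean_dir
# and its return codes are hypothetical.

# clean_dir DIR
# Removes everything inside DIR, but only if DIR is set, non-empty, an
# existing real directory, and does not resolve to the filesystem root.
# Returns 0 on success, 2 on refused input, 3 if cd fails.
clean_dir() {
    # ${1:-} keeps this line safe even when the caller runs under `set -u`.
    dir=${1:-}

    # Unset or empty variable: "$x"/* would otherwise expand to /*.
    if [ -z "$dir" ]; then
        echo "clean_dir: refusing empty path" >&2
        return 2
    fi

    # Must be an existing directory and not a symlink to one.
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "clean_dir: not a directory: $dir" >&2
        return 2
    fi

    # Subshell: the caller's working directory never changes, and the
    # || chain means a failed cd can never fall through to rm.
    (
        cd -- "$dir" || exit 3
        # Resolve where we really are and refuse the root directory.
        [ "$(pwd -P)" != "/" ] || exit 2
        # ./ prefix stops names beginning with "-" being read as options;
        # .[!.]* and ..?* cover dotfiles without matching . or ..
        rm -rf -- ./* ./.[!.]* ./..?*
    )
}
```

In a script that cannot call a helper, `set -u` plus `"${x:?}"` in place of `$x` stops the shell before `rm` runs when the variable is unset or empty.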

  • Kathy Hardee (unregistered) in reply to ratchet freak

    You also are still A WTF SCAMMER!!!!!!!!!

  • Kathy Hardee (unregistered) in reply to Kathy Hardee
    Kathy Hardee:
    You also are still A WTF SCAMMER!!!!!!!!!
    JAMES LONG WHO WORKS FOR GOGGLE QUIT SENDING ME SCAMMER E-MAILS TRYING TO GET MONEY!!!!!!!!
  • Fritz, a.k.a. Fritzo (unregistered) in reply to Tux "Tuxedo" Penguin
    Tux "Tuxedo" Penguin:
    chubertdev:
    faoileag:
    Fritz:
    I like Benjamin's a.k.a. Benjamo's "HEY THIS THING DOESN'T WORK SO IT'S OBVIOUSLY BADLY CODED; LET'S JUST GIVE IT MORE PRIVILEGES LOL" approach.
    Standard mode of operation in the windows world. Oracle's Java updater can't even check for updates without escalated privileges.

    And also not unheard of in the linux world. Unless you use a packet manager, the standard way to get things done is get the sources and install from them. There the standard goes like "configure; make; make install" and while you can perform the first two steps as a normal user, the last one usually requires root privileges.

    The easy solution to that is to just not install Java in the first place.

    Then how will I play Minecraft when recompiling my kernel on another machine?

    Sorry to hear about your Asperger's.

  • Fritz, a.k.a. Fritzo (unregistered) in reply to faoileag
    faoileag:
    Fritz:
    I like Benjamin's a.k.a. Benjamo's "HEY THIS THING DOESN'T WORK SO IT'S OBVIOUSLY BADLY CODED; LET'S JUST GIVE IT MORE PRIVILEGES LOL" approach.
    Standard mode of operation in the windows world. Oracle's Java updater can't even check for updates without escalated privileges.

    And also not unheard of in the linux world. Unless you use a packet manager, the standard way to get things done is get the sources and install from them. There the standard goes like "configure; make; make install" and while you can perform the first two steps as a normal user, the last one usually requires root privileges.

    I guess every way requires a certain amount of trust in whoever coded the installer program/script. Hadn't really thought of it that much.

  • (cs) in reply to faoileag
    faoileag:
    Scarlet Manuka:
    Steve The Cynic:
    faoileag:
    For the last couple of months or so all Remy Porter articles had a "cornify" link in it. This is the first one that doesn't.
    s/months/years/ and: s/couple of/six/
    Because s/couple of months/six years/ would have been too simple?
    Because he wanted to make a point?

    I actually liked Steve's reply, regexes are much more concise than calls like "months".replace("years").

    How so?

    Also, wouldn't it be

    string.replace("months", "years")
    

    ?

  • Tux "Tuxedo" Penguin (unregistered) in reply to Fritz, a.k.a. Fritzo
    Fritz:
    Tux "Tuxedo" Penguin:
    chubertdev:
    faoileag:
    Fritz:
    I like Benjamin's a.k.a. Benjamo's "HEY THIS THING DOESN'T WORK SO IT'S OBVIOUSLY BADLY CODED; LET'S JUST GIVE IT MORE PRIVILEGES LOL" approach.
    Standard mode of operation in the windows world. Oracle's Java updater can't even check for updates without escalated privileges.

    And also not unheard of in the linux world. Unless you use a packet manager, the standard way to get things done is get the sources and install from them. There the standard goes like "configure; make; make install" and while you can perform the first two steps as a normal user, the last one usually requires root privileges.

    The easy solution to that is to just not install Java in the first place.

    Then how will I play Minecraft when recompiling my kernel on another machine?

    Sorry to hear about your Asperger's.

    What's Asperger's?

  • Jon (unregistered)

    That still shouldn't have been that bad of an issue even with sudo/elevated privileges. OS X won't nuke the f/s w/o --no-preserve-root.

    On an older jailbroken iPhone I ran rm -rf / intentionally and it didn't do anything unless I gave it that argument, OS X is practically the same thing.

  • (cs)

    So one day we got a new server at work. I followed this process (give or take - it was about 7 years ago now):

    1. Install Debian on new server
    2. Configure various services it needed
    3. Copy critical data to temp dir
    4. Move critical data into proper locations, import databases, etc
    5. Copy user data from old to new
    6. Type "rm -Rf /" into console as root before stopping to try and remember full path of temp data
    7. Hit ENTER after remembering path
    8. Realise I needed to actually type in the path
    9. Turn off the new server and re-insert the Debian install CD before smacking my head into the nearest brick wall.

    TL;DR = steps 6 - 8 are the critical mistake I made.

  • Essex Kitten (unregistered) in reply to ¯\(°_o)/¯ I DUNNO LOL

    Any system with sh or sh-derived scripts has that problem, and there are plenty of idiots out there. When learning bash, there should be a note in large letters at the beginning: it's always safer to quote tokens (not just parameters) than not to.

  • Essex Kitten (unregistered) in reply to tin
    tin:
    6) Type "rm -Rf /" into console as root before stopping to try and remember full path of temp data
    7) Hit ENTER after remembering path
    8) Realise I needed to actually type in the path

    I now have a procedure in place for this situation:

    1. Press Home or Control+A
    2. Type hash character: #
    3. Proceed to going away from task

    That way, if I do mess it up, it's just a comment. Many times I forget that, and bitch that the command doesn't work, before realising there's a hash in front of it.

    Many times I need to run several other commands to find out what needs to be added to the command, so the incomplete comment is also helpfully stored in my bash history, which I can access with Control+R or the arrow keys, to be completed later.

Leave a comment on “The Uninstalling Installer”
