|
From: | Jesús Hernández Gormaz |
Subject: | bug#10498: New patch for rm. Jesús Hernández Gormaz. |
Date: | Sat, 14 Jan 2012 02:35:53 +0000 |
Hello, I am Jesús Hernández Gormaz. The attachment DIFF is the patch obtained (as indicated in the HACKING file) with the command: git format-patch --stdout -1 > DIFF Rm program using the - no-preserve-root to delete the entire root directory recursively, without prompting. This makes it possible to hide the command between the lines of a script that appears to have a useful function and need root permissions, eliminating the user's system without the knowledge of this. In script_of_deception.sh can see an example, very simple and not realistic to serve only as an example of how you could trick the user (CAUTION: DO NOT RUN without a rm has already applied my patch). Tabi included some screenshots of rm with my changes in operation, both running rm-fr - no-preserve-root / script_of_deception.sh running manually and in both cases preventing the removal of the operating system without explicit user confirmation. The idea that this would be a nice change arose from the cycle classes of microcomputer systems and networks, studying the scripts of GNU / Linux in one of the practices planning to run an rm to delete the entire root directory, and the teacher was with superuser permissions for scripts you need. In a few seconds, and without prompting, the system was completely erased. Asking the user for confirmation nasty accidents can be avoided by running a script that someone wrote in a malicious way. -- JHG.
DIFF
Description: Binary data
script_of_deception.sh
Description: Bourne shell script
rm-0.png
Description: PNG image
rm-1.png
Description: PNG image
rm-2.png
Description: PNG image
[Prev in Thread] | Current Thread | [Next in Thread] |