This is the mail archive of the
mailing list for the Cygwin project.
Re: EXTERNAL: Virus that deletes everything under c:/cygwin?
On 29/03/2011 10:12, Thorsten Kampe wrote:
> * Dante Allegria (Mon, 28 Mar 2011 10:07:32 -0700 (PDT))
>> No, turns out it was because someone committed this into the nightly
>> build scripts:
>> rm -rf $(DOES_NOT_EXIST)/*
>> <sigh> Should cygwin's rm have some built-in safeguards for this? :)
> Sure, it does. It's called "intelligent scripting" and it includes
> setting "errexit" and "nounset" in bash or Z Shell. If you are scripting
> and not using those above, then you got exactly what you deserved.

Judging by those brackets being round rather than curly, I wouldn't have
thought we're dealing with a bash variable here but a makefile one, so nounset
isn't going to help if make just hands it a well-formed "rm -rf /*" command.

As for "rm", it already does kind-of have safeguards against this, and
that's what the -f option is for - it turns them off. So, what you'd really
need to avoid this problem is some kind of safeguards that can't possibly be
turned off... which would somewhat limit the general usability of "rm".
That's why it doesn't have any built-in; but you can get the same effect by
replacing "rm" with a wrapper script in your build environment, and put any
safeguards you want (e.g.: disallow -f option, check for sane paths correctly
located under build dir, etc. etc.) into that. You could use coding standards
and repository commit hooks to make sure that every script uses "$(RM)" rather
than invoking "rm" explicitly, and set that to point to your wrapper in some
central include file, and bingo.

An alternative possibility: do all your builds in a chroot'ed jail. Jails
may not be effective as security measures since it's possible to deliberately
break out of them, but they'd certainly work to protect against this kind of
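
The wrapper idea from the reply above, as an added example (not part of the original message or of Cygwin): it rejects -f and any operand that does not resolve to a path strictly below the build directory. The names `safe_rm`, `resolve_path` and `BUILD_ROOT` are assumptions made for this sketch.

```shell
# Guarded replacement for rm in build scripts (hypothetical names throughout).
# resolve_path PATH: print PATH with its parent directory canonicalised.
resolve_path() {
    dir=$(dirname -- "$1") || return 1
    base=$(basename -- "$1") || return 1
    case $base in
        .|..|/) return 1 ;;          # refuse "x/.", "x/.." and "/" itself
    esac
    dir=$(cd -- "$dir" 2>/dev/null && pwd -P) || return 1
    printf '%s/%s\n' "${dir%/}" "$base"
}

safe_rm() {
    [ -n "${BUILD_ROOT:-}" ] || { echo "safe_rm: BUILD_ROOT is not set" >&2; return 2; }
    root=$(cd -- "$BUILD_ROOT" 2>/dev/null && pwd -P) || { echo "safe_rm: bad BUILD_ROOT" >&2; return 2; }
    [ "$root" != / ] || { echo "safe_rm: BUILD_ROOT must not be /" >&2; return 2; }
    opts=
    while [ $# -gt 0 ]; do
        case $1 in
            --) shift; break ;;
            -*[!rRv]*) echo "safe_rm: option $1 not allowed (only -r, -R, -v)" >&2; return 2 ;;
            -?*) opts="$opts $1"; shift ;;
            *) break ;;
        esac
    done
    [ $# -gt 0 ] || { echo "safe_rm: no operands" >&2; return 2; }
    # Validate every operand before anything is deleted, so one bad path aborts the lot.
    for p in "$@"; do
        abs=$(resolve_path "$p") || { echo "safe_rm: cannot resolve $p" >&2; return 2; }
        case $abs in
            "$root"/*) ;;            # strictly below the build root: allowed
            *) echo "safe_rm: refusing $p (not under $root)" >&2; return 2 ;;
        esac
    done
    rm $opts -- "$@"                 # $opts is deliberately unquoted so it splits into words
}
```

Saved as a script that ends with `safe_rm "$@"`, this is what `RM` would point to in the central include file; an empty makefile variable then produces operands such as `/bin`, which fail the prefix check.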