Message-ID: <4D91E2A5.80806@gmail.com>
Date: Tue, 29 Mar 2011 14:46:13 +0100
From: Dave Korn
To: cygwin AT cygwin DOT com
Subject: Re: EXTERNAL: Virus that deletes everything under c:/cygwin?
References: <4D90B414 DOT 4040605 AT lmco DOT com> <468547 DOT 38757 DOT qm AT web52801 DOT mail DOT re2 DOT yahoo DOT com>

On 29/03/2011 10:12, Thorsten Kampe wrote:
> * Dante Allegria (Mon, 28 Mar 2011 10:07:32 -0700 (PDT))
>> No, turns out it was because someone committed this into the nightly
>> build scripts:
>> rm -rf $(DOES_NOT_EXIST)/*
>>
>> Should cygwin's rm have some built-in safeguards for this? :)
>
> Sure, it does. It's called "intelligent scripting" and it includes
> setting "errexit" and "nounset" in bash or Z Shell. If you are scripting
> and not using those above, then you got exactly what you deserved.

  Judging by those brackets being round rather than curly, I wouldn't have
thought we're dealing with a bash variable here but a makefile one, so nounset
isn't going to help if make just hands it a well-formed "rm -rf /*" command.

  As for "rm", it already does kind-of have safeguards against this, and
that's what the -f option is for - it turns them off. So, what you'd really
need to avoid this problem is some kind of safeguards that can't possibly be
turned off... which would somewhat limit the general usability of "rm".

  That's why it doesn't have any built-in; but you can get the same effect by
replacing "rm" with a wrapper script in your build environment, and put any
safeguards you want (e.g.: disallow -f option, check for sane paths correctly
located under build dir, etc. etc.) into that. You could use coding standards
and repository commit hooks to make sure that every script uses "$(RM)" rather
than invoking "rm" explicitly, and set that to point to your wrapper in some
central include file, and bingo.

  An alternative possibility: do all your builds in a chroot'ed jail. Jails
may not be effective as security measures since it's possible to deliberately
break out of them, but they'd certainly work to protect against this kind of
unfortunate accident.

    cheers,
      DaveK
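
One way to write the wrapper described in the message above, as an added example that is not part of the original post. BUILD_ROOT, path_allowed and safe_rm are assumed names; the wrapper accepts only -r/-R, so -f cannot be passed, and it checks every operand before deleting anything.

```shell
#!/bin/sh
# Added example: an "rm" wrapper for a build environment.
# BUILD_ROOT, path_allowed and safe_rm are hypothetical names.

# path_allowed ROOT PATH: succeed only if PATH lies strictly inside ROOT.
path_allowed() {
    root=$(CDPATH= cd -- "$1" 2>/dev/null && pwd -P) || return 1
    [ "$root" != "/" ] || return 1
    # Reject empty names, trailing slashes, "." and "..".
    case "${2##*/}" in ''|.|..) return 1 ;; esac
    # Resolve the parent directory so ".." and symlinked directories
    # cannot lead outside ROOT.
    parent=$(CDPATH= cd -- "$(dirname -- "$2")" 2>/dev/null && pwd -P) || return 1
    case "$parent/" in
        "$root"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# safe_rm [-r] [--] PATH...: delete only paths inside $BUILD_ROOT.
safe_rm() {
    [ -n "${BUILD_ROOT:-}" ] || { echo "safe_rm: BUILD_ROOT unset" >&2; return 2; }
    recurse=
    while [ $# -gt 0 ]; do
        case "$1" in
            --) shift; break ;;
            -r|-R) recurse=-r; shift ;;
            # Everything else, including -f and -rf, is refused.
            -*) echo "safe_rm: option $1 not permitted" >&2; return 2 ;;
            *) break ;;
        esac
    done
    [ $# -gt 0 ] || { echo "safe_rm: no operands" >&2; return 2; }
    # Validate every operand first, so one bad path blocks the whole call.
    for p in "$@"; do
        path_allowed "$BUILD_ROOT" "$p" || {
            echo "safe_rm: refusing '$p' (not inside $BUILD_ROOT)" >&2
            return 2
        }
    done
    command rm $recurse -- "$@"
}
```

Saved as a script that ends by calling `safe_rm "$@"`, this is the kind of wrapper that "$(RM)" could be set to in the central include file.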