Recent

Author Topic: WARNING: fpcupdeluxe will rm -rf your home directory (or whichever is your CWD)  (Read 3499 times)

prof7bit

  • Full Member
  • ***
  • Posts: 161
https://github.com/LongDirtyAnimAlf/fpcupdeluxe/issues/162

I just "cleaned up" my download folder (fortunately not my entire home dir).

I'm still shaking.

Thaddy

  • Hero Member
  • *****
  • Posts: 14205
  • Probably until I exterminate Putin.
If you choose garbage, you will get garbage:
Is your little boy really called Drop Table? Oh Yes, dear Bobby Tables.....
Oh, found the link: https://xkcd.com/327/

IOW if you behave stupid, stupid things can happen....

Choose a better install directory.
Specialize a type, not a var.

prof7bit

  • Full Member
  • ***
  • Posts: 161
If you choose garbage, you will get garbage:
Is your little boy really called Drop Table? Oh Yes, dear Bobby Tables.....
Oh, found the link: https://xkcd.com/327/

IOW if you behave stupid, stupid things can happen....

Choose a better install directory.

It is not the install directory! It will rm -rf * in the current working directory! No matter where fpcupdeluxe is installed!

You can install it anywhere and put it in your path, then one morning you open up a terminal in ~, you type fpcupdeluxe, you click an innocent button and within a split second your entire home is gone including all its subfolders!

« Last Edit: December 03, 2019, 11:23:12 am by prof7bit »

prof7bit

  • Full Member
  • ***
  • Posts: 161

guest64953

  • Guest
If you choose garbage, you will get garbage:
Is your little boy really called Drop Table? Oh Yes, dear Bobby Tables.....
Oh, found the link: https://xkcd.com/327/

IOW if you behave stupid, stupid things can happen....

Choose a better install directory.

It is not the install directory! It will rm -rf * in the current working directory! No matter where fpcupdeluxe is installed!

You can install it anywhere and put it in your path, then one morning you open up a terminal in ~, you type fpcupdeluxe, you click an innocent button and within a split second your entire home is gone including all its subfolders!

Why do you do that? I'm just mkdir ~/Downloads/fpcupdeluxe and I put the fpcupdeluxe binary here, make it executable and run it with ./fpcupdeluxe-* Why do you add it to PATH and run it on arbitrary directory? I know that this tool has so many bugs itself, for example: it will not work if subversion wasn't installed even though I'm using trunkgit version and have git installed. The tool is mainly developed on Windows and Linux, then thank to the cross compiling ability of fpc make it also available for other platforms, many things should be platform specific but he got it hardcoded. I want to make sure you know developing and maintaining such a program on so many platforms is not easy at all. The guys at least willing to fix most of the bugs we reported to him. The tool is just work, don't make thing complicated. It's just you use it the wrong way.

del

  • Sr. Member
  • ****
  • Posts: 258
If you choose garbage, you will get garbage:
Is your little boy really called Drop Table? Oh Yes, dear Bobby Tables.....
Oh, found the link: https://xkcd.com/327/

IOW if you behave stupid, stupid things can happen....

Choose a better install directory.
WTF, Chuck?

Xor-el

  • Sr. Member
  • ****
  • Posts: 404
If you choose garbage, you will get garbage:
Is your little boy really called Drop Table? Oh Yes, dear Bobby Tables.....
Oh, found the link: https://xkcd.com/327/

IOW if you behave stupid, stupid things can happen....

Choose a better install directory.

Where did the poster say he added it to PATH?
He did what every Normal person would do.
Download it and ran it from the download folder.

It is not the install directory! It will rm -rf * in the current working directory! No matter where fpcupdeluxe is installed!

You can install it anywhere and put it in your path, then one morning you open up a terminal in ~, you type fpcupdeluxe, you click an innocent button and within a split second your entire home is gone including all its subfolders!

Why do you do that? I'm just mkdir ~/Downloads/fpcupdeluxe and I put the fpcupdeluxe binary here, make it executable and run it with ./fpcupdeluxe-* Why do you add it to PATH and run it on arbitrary directory? I know that this tool has so many bugs itself, for example: it will not work if subversion wasn't installed even though I'm using trunkgit version and have git installed. The tool is mainly developed on Windows and Linux, then thank to the cross compiling ability of fpc make it also available for other platforms, many things should be platform specific but he got it hardcoded. I want to make sure you know developing and maintaining such a program on so many platforms is not easy at all. The guys at least willing to fix most of the bugs we reported to him. The tool is just work, don't make thing complicated. It's just you use it the wrong way.

prof7bit

  • Full Member
  • ***
  • Posts: 161
I could debug it on my machine, it happens when it tries to delete binutils and libs folders, both paths are empty strings and in the version of DeleteDirectoryEx() that is shipped with fpcupdeluxe this will expand to the current working directory.

See here:
https://github.com/LongDirtyAnimAlf/fpcupdeluxe/issues/162#issuecomment-561155905



prof7bit

  • Full Member
  • ***
  • Posts: 161

Why do you do that?

Everybody does that all the time: You install a program (say for example fpc or lazbuild or firefox or python3 or whatever) and put it on your PATH if you plan to use it more often than just once. Or you put it into your ~/.local/bin, there are plenty of scripts there, thank god I was too lazy to put it there bacause thats where these kinds of tools usually belong! Then you run it from wherever you happen to be and you do NOT under any circumstances expect a program you just started to rm -rf * your cwd! Never ever!

Thank god I happened to be in the download folder which I wanted to empty anyways when I started it! I also could have been in my home folder (default for a newly opened terminal) and started it with its full absolute path, something I also often do for stuff that is not on the path! Bang, home dir gone!
« Last Edit: December 03, 2019, 02:55:01 pm by prof7bit »

guest64953

  • Guest
Where did the poster say he added it to PATH?
He did what every Normal person would do.
Download it and ran it from the download folder.

No. You misread his post. I was, too. That's the reason why I edited my post.

He explicitly said that on his original post and it's even more clear with his post at #8.

DonAlfredo

  • Hero Member
  • *****
  • Posts: 1739
This bug has already been reported on Github.
Its a usercase I have not forseen.
Next release will solve.
Util that time: do not use the remove compiler "feature".

guest64953

  • Guest

Why do you do that?

Everybody does that all the time: You install a program (say for example fpc or lazbuild or firefox or python3 or whatever) and put it on your PATH if you plan to use it more often than just once. Or you put it into your ~/.local/bin, there are plenty of scripts there, thank god I was too lazy to put it there bacause thats where these kinds of tools usually belong! Then you run it from wherever you happen to be and you do NOT under any circumstances expect a program you just started to rm -rf * your cwd! Never ever!

Thank god I happened to be in the download folder which I wanted to empty anyways when I started it! I also could have been in my home folder (default for a newwly opened terminal) and started it with its full absolute path, something I also often do for stuff that is not on the path! Bang, home dir gone!

Only you do that. If I want Fpcupdeluxe, I will go to the directory I preserved for it and run it with ./fpcupdeluxe-*, or simply just click or double click to run it.

Remember, you only put applications into ~/bin or ~/.local/bin if they are command line applications. Fpcupdeluxe is a graphical application. Do you expect to run a GUI application from the terminal? I will not. At least I will create a .desktop file for it and start it through that .desktop file.

But anyway, thank you. Because of your non-standard way of using it, we know Fpcupdeluxe has such a bug. People use it the proper way like me will never discover that bug  ;)

Xor-el

  • Sr. Member
  • ****
  • Posts: 404
Where did the poster say he added it to PATH?
He did what every Normal person would do.
Download it and ran it from the download folder.

No. You misread his post. I was, too. That's the reason why I edited my post.

He explicitly said that on his original post and it's even more clear with his post at #8.

Oh I see.  ::)

prof7bit

  • Full Member
  • ***
  • Posts: 161

But anyway, thank you. Because of your non-standard way of using it, we know Fpcupdeluxe has such a bug. People use it the proper way like me will never discover that bug  ;)

It seems you still did not understand what happened: It deleted the current working directory. In my case it deleted itself, all its ini files and all other files and folders next to it. It had nothing to do with the way I used it.

Have you seen the screencast I linked above? I put it in its own folder and started it, just like you suggested. The outcome was it deleted itself and all of its ini files! Deleting CWD is the most severe bug you can ever imagine, it has absolutely nothing to do with the way one uses it.

Making a desktop shortcut and clicking on it would have deleted the entire home directory on XFCE and possibly others because the CWD is not set in these desktop starters by default.
« Last Edit: December 03, 2019, 03:27:47 pm by prof7bit »

MarkMLl

  • Hero Member
  • *****
  • Posts: 6676
Remember, you only put applications into ~/bin or ~/.local/bin if they are command line applications. Fpcupdeluxe is a graphical application. Do you expect to run a GUI application from the terminal? I will not. At least I will create a .desktop file for it and start it through that .desktop file.

If that is the case, why do programmers including the authors of the Lazarus IDE output console messages? And why is it desirable- in fact well nigh essential- to look for console output messages when finding out why a GUI-oriented program vanishes without trace? And why do the majority of such programs come without an installation script, and an adjacent icon for the menu system?

I agree with OP: a program, whether or not it uses a GUI, should only delete stuff that it is absolutely certain it owns: and even then it should chack that that's what the system owner requires. That's one of the reason why Debian's apt/apt-get package manager has separate "remove" and "purge" commands.

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

 

TinyPortal © 2005-2018