Lazarus

Announcements => Third party => Topic started by: prof7bit on December 03, 2019, 09:40:10 am

Title: WARNING: fpcupdeluxe will rm -rf your home directory (or whichever is your CWD)
Post by: prof7bit on December 03, 2019, 09:40:10 am
https://github.com/LongDirtyAnimAlf/fpcupdeluxe/issues/162

I just "cleaned up" my download folder (fortunately not my entire home dir).

I'm still shaking.
Title: Re: WARNING: fpcupdeluxe will rm -rf your home directory (or whichever is your CWD)
Post by: Thaddy on December 03, 2019, 10:23:34 am
If you choose garbage, you will get garbage:
Is your little boy really called Drop Table? Oh Yes, dear Bobby Tables.....
Oh, found the link: https://xkcd.com/327/

IOW if you behave stupid, stupid things can happen....

Choose a better install directory.
Title: Re: WARNING: fpcupdeluxe will rm -rf your home directory (or whichever is your CWD)
Post by: prof7bit on December 03, 2019, 11:16:55 am
If you choose garbage, you will get garbage:
Is your little boy really called Drop Table? Oh Yes, dear Bobby Tables.....
Oh, found the link: https://xkcd.com/327/

IOW if you behave stupid, stupid things can happen....

Choose a better install directory.

It is not the install directory! It will rm -rf * in the current working directory! No matter where fpcupdeluxe is installed!

You can install it anywhere and put it in your path, then one morning you open up a terminal in ~, you type fpcupdeluxe, you click an innocent button and within a split second your entire home is gone including all its subfolders!

Title: Re: WARNING: fpcupdeluxe will rm -rf your home directory (or whichever is your CWD)
Post by: prof7bit on December 03, 2019, 11:24:46 am
Here is a screencast of it happening:

https://www.mikrocontroller.net/attachment/437413/fpcup.mp4
Title: Re: WARNING: fpcupdeluxe will rm -rf your home directory (or whichever is your CWD)
Post by: guest64953 on December 03, 2019, 12:58:28 pm
If you choose garbage, you will get garbage:
Is your little boy really called Drop Table? Oh Yes, dear Bobby Tables.....
Oh, found the link: https://xkcd.com/327/

IOW if you behave stupid, stupid things can happen....

Choose a better install directory.

It is not the install directory! It will rm -rf * in the current working directory! No matter where fpcupdeluxe is installed!

You can install it anywhere and put it in your path, then one morning you open up a terminal in ~, you type fpcupdeluxe, you click an innocent button and within a split second your entire home is gone including all its subfolders!

Why do you do that? I'm just mkdir ~/Downloads/fpcupdeluxe and I put the fpcupdeluxe binary here, make it executable and run it with ./fpcupdeluxe-* Why do you add it to PATH and run it on arbitrary directory? I know that this tool has so many bugs itself, for example: it will not work if subversion wasn't installed even though I'm using trunkgit version and have git installed. The tool is mainly developed on Windows and Linux, then thank to the cross compiling ability of fpc make it also available for other platforms, many things should be platform specific but he got it hardcoded. I want to make sure you know developing and maintaining such a program on so many platforms is not easy at all. The guys at least willing to fix most of the bugs we reported to him. The tool is just work, don't make thing complicated. It's just you use it the wrong way.
Title: Re: WARNING: fpcupdeluxe will rm -rf your home directory (or whichever is your CWD)
Post by: del on December 03, 2019, 01:14:18 pm
If you choose garbage, you will get garbage:
Is your little boy really called Drop Table? Oh Yes, dear Bobby Tables.....
Oh, found the link: https://xkcd.com/327/

IOW if you behave stupid, stupid things can happen....

Choose a better install directory.
WTF, Chuck?
Title: Re: WARNING: fpcupdeluxe will rm -rf your home directory (or whichever is your CWD)
Post by: Xor-el on December 03, 2019, 01:34:33 pm
If you choose garbage, you will get garbage:
Is your little boy really called Drop Table? Oh Yes, dear Bobby Tables.....
Oh, found the link: https://xkcd.com/327/

IOW if you behave stupid, stupid things can happen....

Choose a better install directory.

Where did the poster say he added it to PATH?
He did what every Normal person would do.
Download it and ran it from the download folder.

It is not the install directory! It will rm -rf * in the current working directory! No matter where fpcupdeluxe is installed!

You can install it anywhere and put it in your path, then one morning you open up a terminal in ~, you type fpcupdeluxe, you click an innocent button and within a split second your entire home is gone including all its subfolders!

Why do you do that? I'm just mkdir ~/Downloads/fpcupdeluxe and I put the fpcupdeluxe binary here, make it executable and run it with ./fpcupdeluxe-* Why do you add it to PATH and run it on arbitrary directory? I know that this tool has so many bugs itself, for example: it will not work if subversion wasn't installed even though I'm using trunkgit version and have git installed. The tool is mainly developed on Windows and Linux, then thank to the cross compiling ability of fpc make it also available for other platforms, many things should be platform specific but he got it hardcoded. I want to make sure you know developing and maintaining such a program on so many platforms is not easy at all. The guys at least willing to fix most of the bugs we reported to him. The tool is just work, don't make thing complicated. It's just you use it the wrong way.
Title: Re: WARNING: fpcupdeluxe will rm -rf your home directory (or whichever is your CWD)
Post by: prof7bit on December 03, 2019, 02:30:02 pm
I could debug it on my machine, it happens when it tries to delete binutils and libs folders, both paths are empty strings and in the version of DeleteDirectoryEx() that is shipped with fpcupdeluxe this will expand to the current working directory.

See here:
https://github.com/LongDirtyAnimAlf/fpcupdeluxe/issues/162#issuecomment-561155905


Title: Re: WARNING: fpcupdeluxe will rm -rf your home directory (or whichever is your CWD)
Post by: prof7bit on December 03, 2019, 02:41:00 pm

Why do you do that?

Everybody does that all the time: You install a program (say for example fpc or lazbuild or firefox or python3 or whatever) and put it on your PATH if you plan to use it more often than just once. Or you put it into your ~/.local/bin, there are plenty of scripts there, thank god I was too lazy to put it there bacause thats where these kinds of tools usually belong! Then you run it from wherever you happen to be and you do NOT under any circumstances expect a program you just started to rm -rf * your cwd! Never ever!

Thank god I happened to be in the download folder which I wanted to empty anyways when I started it! I also could have been in my home folder (default for a newly opened terminal) and started it with its full absolute path, something I also often do for stuff that is not on the path! Bang, home dir gone!
Title: Re: WARNING: fpcupdeluxe will rm -rf your home directory (or whichever is your CWD)
Post by: guest64953 on December 03, 2019, 02:50:55 pm
Where did the poster say he added it to PATH?
He did what every Normal person would do.
Download it and ran it from the download folder.

No. You misread his post. I was, too. That's the reason why I edited my post.

He explicitly said that on his original post and it's even more clear with his post at #8.
Title: Re: WARNING: fpcupdeluxe will rm -rf your home directory (or whichever is your CWD)
Post by: DonAlfredo on December 03, 2019, 02:59:31 pm
This bug has already been reported on Github.
Its a usercase I have not forseen.
Next release will solve.
Util that time: do not use the remove compiler "feature".
Title: Re: WARNING: fpcupdeluxe will rm -rf your home directory (or whichever is your CWD)
Post by: guest64953 on December 03, 2019, 03:00:34 pm

Why do you do that?

Everybody does that all the time: You install a program (say for example fpc or lazbuild or firefox or python3 or whatever) and put it on your PATH if you plan to use it more often than just once. Or you put it into your ~/.local/bin, there are plenty of scripts there, thank god I was too lazy to put it there bacause thats where these kinds of tools usually belong! Then you run it from wherever you happen to be and you do NOT under any circumstances expect a program you just started to rm -rf * your cwd! Never ever!

Thank god I happened to be in the download folder which I wanted to empty anyways when I started it! I also could have been in my home folder (default for a newwly opened terminal) and started it with its full absolute path, something I also often do for stuff that is not on the path! Bang, home dir gone!

Only you do that. If I want Fpcupdeluxe, I will go to the directory I preserved for it and run it with ./fpcupdeluxe-*, or simply just click or double click to run it.

Remember, you only put applications into ~/bin or ~/.local/bin if they are command line applications. Fpcupdeluxe is a graphical application. Do you expect to run a GUI application from the terminal? I will not. At least I will create a .desktop file for it and start it through that .desktop file.

But anyway, thank you. Because of your non-standard way of using it, we know Fpcupdeluxe has such a bug. People use it the proper way like me will never discover that bug  ;)
Title: Re: WARNING: fpcupdeluxe will rm -rf your home directory (or whichever is your CWD)
Post by: Xor-el on December 03, 2019, 03:11:06 pm
Where did the poster say he added it to PATH?
He did what every Normal person would do.
Download it and ran it from the download folder.

No. You misread his post. I was, too. That's the reason why I edited my post.

He explicitly said that on his original post and it's even more clear with his post at #8.

Oh I see.  ::)
Title: Re: WARNING: fpcupdeluxe will rm -rf your home directory (or whichever is your CWD)
Post by: prof7bit on December 03, 2019, 03:16:14 pm

But anyway, thank you. Because of your non-standard way of using it, we know Fpcupdeluxe has such a bug. People use it the proper way like me will never discover that bug  ;)

It seems you still did not understand what happened: It deleted the current working directory. In my case it deleted itself, all its ini files and all other files and folders next to it. It had nothing to do with the way I used it.

Have you seen the screencast I linked above? I put it in its own folder and started it, just like you suggested. The outcome was it deleted itself and all of its ini files! Deleting CWD is the most severe bug you can ever imagine, it has absolutely nothing to do with the way one uses it.

Making a desktop shortcut and clicking on it would have deleted the entire home directory on XFCE and possibly others because the CWD is not set in these desktop starters by default.
Title: Re: WARNING: fpcupdeluxe will rm -rf your home directory (or whichever is your CWD)
Post by: MarkMLl on December 03, 2019, 04:36:06 pm
Remember, you only put applications into ~/bin or ~/.local/bin if they are command line applications. Fpcupdeluxe is a graphical application. Do you expect to run a GUI application from the terminal? I will not. At least I will create a .desktop file for it and start it through that .desktop file.

If that is the case, why do programmers including the authors of the Lazarus IDE output console messages? And why is it desirable- in fact well nigh essential- to look for console output messages when finding out why a GUI-oriented program vanishes without trace? And why do the majority of such programs come without an installation script, and an adjacent icon for the menu system?

I agree with OP: a program, whether or not it uses a GUI, should only delete stuff that it is absolutely certain it owns: and even then it should chack that that's what the system owner requires. That's one of the reason why Debian's apt/apt-get package manager has separate "remove" and "purge" commands.

MarkMLl
Title: Re: WARNING: fpcupdeluxe will rm -rf your home directory (or whichever is your CWD)
Post by: guest64953 on December 04, 2019, 05:07:01 pm

But anyway, thank you. Because of your non-standard way of using it, we know Fpcupdeluxe has such a bug. People use it the proper way like me will never discover that bug  ;)

It seems you still did not understand what happened: It deleted the current working directory. In my case it deleted itself, all its ini files and all other files and folders next to it. It had nothing to do with the way I used it.

Have you seen the screencast I linked above? I put it in its own folder and started it, just like you suggested. The outcome was it deleted itself and all of its ini files! Deleting CWD is the most severe bug you can ever imagine, it has absolutely nothing to do with the way one uses it.

Making a desktop shortcut and clicking on it would have deleted the entire home directory on XFCE and possibly others because the CWD is not set in these desktop starters by default.

What is your definition of CWD?

I imagined you put it to PATH, then on another directory where it isn't placed you open a terminal window and issue ./ to execute it. I think this dir, which is returned by pwd, is the CWD.

Your CWD instead seemed to be the directory where it is placed.

If your CWD is the same as me, there is nothing wrong. I can never be hurt by this bug at all, because I will never put it to PATH and execute it elsewhere, nor I will put it on my ~ as I am too lazy so I just left it at ~/Downloads. It could wiped my Downloads dir, which I prefer to be empty after all.

I can't view your screencast. On OpenIndiana, there is no way to play video or even audio file. VLC exists on the pkg repo, but will not work. The only way I could watch video is on youtube using Firefox web browser. OK, I almost forgot. Firefox could open the .mp4 as well. This is my mistake.

I said about GUI applications in general, it's my way of manage them. I'm too lucky, thank you very much for informed that this app has that serious bug, I not yet make a .desktop file for it. Anyway, you could open the .desktop file by your favorite text editor and add the CWD yourself.

I think we should end our discussion here. I admit I'm wrong and this bug is very serious. Thank you for informed us  :)
Title: Re: WARNING: fpcupdeluxe will rm -rf your home directory (or whichever is your CWD)
Post by: guest64953 on December 04, 2019, 05:10:56 pm
Remember, you only put applications into ~/bin or ~/.local/bin if they are command line applications. Fpcupdeluxe is a graphical application. Do you expect to run a GUI application from the terminal? I will not. At least I will create a .desktop file for it and start it through that .desktop file.

If that is the case, why do programmers including the authors of the Lazarus IDE output console messages? And why is it desirable- in fact well nigh essential- to look for console output messages when finding out why a GUI-oriented program vanishes without trace? And why do the majority of such programs come without an installation script, and an adjacent icon for the menu system?

MarkMLl

This is for debug purpose only. If you started firefox on the terminal, you will see a bunch of error messages. This is not what normal user would want to see. I'm said as a normal user. So I tried to mute these error messages by starting them directly by click/double click on them or via .desktop file, where I think the stderr to be null, or with some programs you could also find the error messages on dmesg.
Title: Re: WARNING: fpcupdeluxe will rm -rf your home directory (or whichever is your CWD)
Post by: MarkMLl on December 04, 2019, 05:31:56 pm
This is for debug purpose only. If you started firefox on the terminal, you will see a bunch of error messages. This is not what normal user would want to see. I'm said as a normal user. So I tried to mute these error messages by starting them directly by click/double click on them or via .desktop file, where I think the stderr to be null, or with some programs you could also find the error messages on dmesg.

As a normal user that is entirely reasonable. But in that case I suggest not trying to dictate hard-and-fast rules like "X11 programs do not go in /bin" and so on.

In actual fact- and softening my earlier position a bit- for a long time the programs in /bin were the ones which were needed to get the system from its initial single-user initialised state to being able to mount the /usr and /home trees- which might be presented by a remote server over NFS. Hence it would be entirely reasonable to say "no graphical programs in there"... which is not a rule that Debian (as one particular example) obeys any more. Also I think that there are general moves afoot to merge /usr/bin back into /bin, so again the distinction is getting blurred.

MarkMLl