Comment by QuadmasterXLII

Comment by QuadmasterXLII 3 days ago

This doesn't seem conceptually different from running

    [ $[ $RANDOM % 6] = 0 ] && rm -rf / || echo "Click"

on your employer's production server, and the liability doesn't seem murky in either case

staticassertion 3 days ago

What if you wrote something more like:

    # terrible code, never use ty
    def cleanup(dir):
      system("rm -rf {dir}")


    def main():
        work_dir = os.env["WORK_DIR"]
        cleanup(work_dir)

and then due to a misconfiguration "$WORK_DIR" was truncated to be just "/"?

At what point is it negligent?

Reply View 8 replies

direwolf20 3 days ago

This is not hypothetical. Steam and Bumblebee did it.

Reply View | 7 replies
- extraduder_ire 3 days ago
  
  That was the result of an additional space in the path passed to rm, IIRC.
  Though rm /$TARGET where $TARGET is blank is a common enough footgun that --preserve-root exists and is default.
  
  Reply View | 5 replies
  
  extraduder_ire 2 days ago
  
  Found it. is was this line [0] specifically. "rm -rf /usr /lib/nvidia-current/xorg/xorg" instead of "rm -rf /usr/lib/nvidia-current/xorg/xorg", which will delete all of /usr and then fail to delete a non-existent directory at /lib/nvidia-current/xorg/xorg
  0: https://github.com/MrMEEE/bumblebee-Old-and-abbandoned/commi...
  
  Reply View | 0 replies
  
  niyikiza 3 days ago
  
  You'd be surprised to see how often we're seeing those types of semantic attack vulnerabilities in Agent frameworks: https://niyikiza.com/posts/map-territory/
  
  Reply View | 0 replies
  
  cyberax 3 days ago
  
  Even better, $TARGET might be "/home/user/documents and settings /bin"
  
  Reply View | 2 replies
- a_t48 3 days ago
  
  Bungie, too, in a similar way.
  
  Reply View | 0 replies