Comment by staticassertion

What if you wrote something more like:

    # terrible code, never use ty
    def cleanup(dir):
      system("rm -rf {dir}")


    def main():
        work_dir = os.env["WORK_DIR"]
        cleanup(work_dir)

and then due to a misconfiguration "$WORK_DIR" was truncated to be just "/"?

At what point is it negligent?

direwolf20 3 days ago

This is not hypothetical. Steam and Bumblebee did it.

Reply View 7 replies

extraduder_ire 3 days ago

That was the result of an additional space in the path passed to rm, IIRC.
Though rm /$TARGET where $TARGET is blank is a common enough footgun that --preserve-root exists and is default.

Reply View | 5 replies
- extraduder_ire 2 days ago
  
  Found it. is was this line [0] specifically. "rm -rf /usr /lib/nvidia-current/xorg/xorg" instead of "rm -rf /usr/lib/nvidia-current/xorg/xorg", which will delete all of /usr and then fail to delete a non-existent directory at /lib/nvidia-current/xorg/xorg
  0: https://github.com/MrMEEE/bumblebee-Old-and-abbandoned/commi...
  
  Reply View | 0 replies
- niyikiza 3 days ago
  
  You'd be surprised to see how often we're seeing those types of semantic attack vulnerabilities in Agent frameworks: https://niyikiza.com/posts/map-territory/
  
  Reply View | 0 replies
- cyberax 3 days ago
  
  Even better, $TARGET might be "/home/user/documents and settings /bin"
  
  Reply View | 2 replies
  
  extraduder_ire 2 days ago
  
  I believe that is what staticassertion was suggesting. / is a poor example because of --preserve-root being the default.
  
  Reply View | 1 reply
  
  cyberax 2 days ago
  
  Not quite. The grandparent's example was missing quotes around $TARGET. Which is yet _another_ footgun.
  Without quotes it becomes: `rm -Rf /home/user/documents and settings /bin`
  
  Reply View | 0 replies
a_t48 3 days ago

Bungie, too, in a similar way.

Reply View | 0 replies