[Off Topic] Re: Linux security

[Derek Broughton]

Jim Richardson wrote:

> On Sat, 2006-05-06 at 11:50 +0800, Michael Richter wrote:
>> On 05/05/06, Peter Garrett <peter.garrett at optusnet.com.au> wrote:
>>         On Fri, 5 May 2006 13:42:52 +0800
>>         "Michael Richter" <ttmrichter at gmail.com> wrote:
>>         
>>         > cd /
>>         > <enter a string of commands here and, in the process, forget
>>         where you are>
>>         > rm -fR * .old
>>         >
>>         > What was that about "sane defaults" and "graceful error
>>         recovery" that
>>         > someone else was blathering on about again?  There's not so
>>         much as a "are
>>         > you sure you want to kill your system?"-style error message
>>         there.  The
>>         > "sane default" is to trash your whole file system.  From a
>>         moment's
>>         > inattention.
>>         
>>         Quite true. Of course if the user concerned is using Ubuntu,
>>         and has not
>>         enabled a root password, it becomes less likely (not
>>         impossible by any
>>         means, just less likely).
>> 
>> sudo -s
>> <enter password>
>> cd /
>> <do a lot of stuff>
>> rm -fR * .old
>> 
>> Or, for that matter, as you pointed out, just do it in your home
>> directory as yourself.  As was pointed out before users don't care
>> about system files (which are semi-trivial to replace).  They care
>> about user files.  And the "sane default" and "graceful failure" of
>> UNIX systems is to trash everything without so much as a "are you sure
>> about this?" -- something that DOS did in its first incarnation!
>> 
> 
> That's not the default, if it was the default, you wouldn't need the -f
> flag. you *told* it to not bother you with questions, to just do it.
> 
The -f flag is not necessary for this example.  rm -r as root will do plenty
of damage.
-- 
derek