Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mitigate potential risks of rm command #36

Closed
john-aws opened this issue Feb 1, 2024 · 0 comments · Fixed by #47
Closed

Mitigate potential risks of rm command #36

john-aws opened this issue Feb 1, 2024 · 0 comments · Fixed by #47
Assignees
@scrthq

Comments

@john-aws
Copy link
Contributor

john-aws commented Feb 1, 2024

The ash script contains two calls to rm of directory entries that are prefixed by shell variables:

rm -rf "${OUTPUT_DIR}"/work
rm -f "${OUTPUT_DIR}"/"${AGGREGATED_RESULTS_REPORT_FILENAME}"

While unlikely, it is not inconceivable that a bug could be introduced into the script whereby one or more of the shell variables evaluates to an empty string, thus causing rm to attempt to remove the wrong thing. The presence of the -f force flag adds additional jeopardy.

A famous variant of this problem was the Ran steam. It deleted everything on system owned by user bug where a Steam bash script ran rm -rf "$STEAMROOT/"* when $STEAMROOT was inadvertently empty. More discussion here.

Some suggestions for mitigating a mistake:

  1. set -u
  2. set -euo pipefail
  3. check the shell variables are not empty before executing the rm command
  4. so-called bash strict mode
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@scrthq scrthq

Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@john-aws @scrthq