m.roth at 5-cent.us
2016-Feb-01 19:33 UTC
[CentOS] In A UEFI World, "rm -rf /" Can Brick Your System
Excerpt:
Running rm -rf / on any UEFI Linux distribution can potentially perma-brick your system.

As a public service announcement, recursively removing all of your files from / is no longer recommended. On UEFI distributions by default where EFI variables are accessible via /sys, this can now mean trashing your UEFI implementation.

There is this systemd bug report requesting that UEFI variables be mounted as read-only by default. Lennart Poettering had initially responded and simply said, "Well, there are tools that actually want to write it. We also expose /dev/sda accessible for root, even though it can be used to hose your system. The ability to hose a system is certainly reason enough to make sure it's well protected and only writable to root. But beyond that: root can do anything really." He then closed the ticket.
--- end excerpt ---

<http://www.phoronix.com/scan.php?page=news_item&px=UEFI-rm-root-directory>

"And they closed the ticket"? That tuxedo on the cockroach is so elegant!

Ok, *now* tell me why we shouldn't hate systemd?

mark
Chris Adams
2016-Feb-01 19:44 UTC
[CentOS] In A UEFI World, "rm -rf /" Can Brick Your System
Once upon a time, m.roth at 5-cent.us <m.roth at 5-cent.us> said:
> Excerpt:
> Running rm -rf / on any UEFI Linux distribution can potentially
> perma-brick your system.

Did someone think running "rm -rf /" is a good idea?

> Ok, *now* tell me why we shouldn't hate systemd?

This has zero to do with systemd. This is a by-product of how the kernel driver and user-space tools for EFI are implemented. The kernel driver exposes EFI variables in a writable sysfs filesystem, and so that's how the user-space tools set/update/delete the variables.

Trying to force a change on that interaction from an intermediary is just wrong. If the maintainers for the EFI-related code think it should change, they'll need to coordinate that change between the kernel and user-space.

The bigger issue is that there are apparently some UEFI implementations that can't handle certain variables being deleted or overwritten. Yes, that could happen from an errant rm, but there are other ways that could happen. Vendors that can't recover in some way (like BIOS CMOS corruption can be recovered with a jumper) should be named-and-shamed as well as potentially blacklisted in some way in the EFI driver.

--
Chris Adams <linux at cmadams.net>
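Added example, not part of the thread: a check for whether a host exposes writable EFI variables, which is the condition the bug report asked to change. It assumes the variables are exposed through a mount of type `efivarfs` (normally at /sys/firmware/efi/efivars); `efivarfs_state`, `efivarfs_writable` and `sample_mounts` are hypothetical helper names.

```shell
# Report how efivarfs is mounted, from a table in /proc/mounts format:
#   device mountpoint fstype options dump pass
# Pass a file name, or "-" to read the table from stdin.
efivarfs_state() {
    mounts="${1:-/proc/mounts}"
    awk '
        $3 == "efivarfs" {
            found = 1
            n = split($4, opt, ",")
            mode = "ro"
            for (i = 1; i <= n; i++) if (opt[i] == "rw") mode = "rw"
            print mode, $2          # e.g. "rw /sys/firmware/efi/efivars"
        }
        END { if (!found) print "absent" }   # BIOS boot or not mounted
    ' "$mounts"
}

# Exit 0 when any efivarfs mount is writable, i.e. a recursive delete
# run as root that reaches it can remove firmware variables.
efivarfs_writable() {
    efivarfs_state "$1" | grep -q '^rw '
}

# Constructed sample table (not captured from a real host).
sample_mounts() {
    cat <<'EOF'
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
efivarfs /sys/firmware/efi/efivars efivarfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda2 / xfs rw,relatime,attr2,inode64,noquota 0 0
EOF
}
```

On a live system, `efivarfs_writable && echo exposed` reads /proc/mounts directly; `sample_mounts | efivarfs_state -` runs the same check on the constructed table.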
Frank Cox
2016-Feb-01 19:54 UTC
[CentOS] In A UEFI World, "rm -rf /" Can Brick Your System
On Mon, 1 Feb 2016 13:44:48 -0600
Chris Adams wrote:

> Did someone think running "rm -rf /" is a good idea?

Quote from one of the people who commented on that article:

QUOTE:

You have this in a script: rm -rf "${DIRECTORY}"/

Now, you have a bug in the script and ${DIRECTORY} is not initialized. You then get rm -rf / executed.

One should always ensure that DIRECTORY is not empty before running this. Or better, never end with /. If you have rm -rf "${DIRECTORY}", then only rm -rf gets executed, causing rm to fail since no file/directory is provided.

END OF QUOTE

--
MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
Valeri Galtsev
2016-Feb-01 19:56 UTC
[CentOS] In A UEFI World, "rm -rf /" Can Brick Your System
On Mon, February 1, 2016 1:33 pm, m.roth at 5-cent.us wrote:
> Excerpt:
> Running rm -rf / on any UEFI Linux distribution can potentially
> perma-brick your system.

Yes, I kind of like "rm -rf /". If my memory doesn't fail me, long ago it was one of the tricky questions in sysadmin exam (not that anymore if I read what you, Michael, write further correctly...). Anyway, let's imagine we are back then, then what

rm -rf /

will do to your system? How dramatic this command is?

Well, it definitely will obliterate your /etc with all your settings. Then it will start deleting /dev, and once it deletes the block device your root filesystem "/" lives on, all trouble ends there. So, you just take your drive, and you will be able to mount on different machine /home, /usr, /var and what's left of your / partition. /etc is gone, but this is only as dramatic as it gets (thanks for alphabetical order the command follows).

Sorry about long spam message, everybody. I just so liked that tricky question from my past, I couldn't hold myself.

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
Richard Zimmerman
2016-Feb-01 20:47 UTC
[CentOS] In A UEFI World, "rm -rf /" Can Brick Your System
>> Excerpt:
>> Running rm -rf / on any UEFI Linux distribution can potentially perma-brick your system.
>
> "And they closed the ticket"? That tuxedo on the cockroach is so elegant!
> Ok, *now* tell me why we shouldn't hate systemd?
> mark

As much as I don't like systemd, it has NOTHING to do with system and everything to a poor admin or newbie blindly following others' advice.

My suggestion is to ALWAYS fully qualify *ANY* directory you want to rm -rf, period. I speak from experience. Years ago had a script that would cd into a directory and then rm -rf * it. Problem started when I accidentally deleted said dir and the PREVIOUS dir was /. Needless to say, the server was happily committing suicide before I figured out the problem.

Lessons learned:

1. Fully qualify ANY rm -rf command
2. Make sure you always have good backups, I did!
3. I became really, really good at disaster recovery :)
4. Upper Management WILL get cranky over an event like this!

Just my 2 cents worth...

Richard

---
Richard Zimmerman
Systems / Network Administrator
River Bend Hose Specialty, Inc.
1111 S Main Street
South Bend, IN 46601-3337
(574) 233-1133
(574) 280-7284 Fax
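Added example, not part of the thread: one guard that covers both script failures described so far, the uninitialized `${DIRECTORY}` that turns `rm -rf "${DIRECTORY}"/` into `rm -rf /`, and the `cd` into a missing directory followed by `rm -rf *`. `purge_dir` is a hypothetical helper name; it goes beyond the two cases by also refusing paths that only resolve to `/` through `..` or a symlink.

```shell
# Empty a directory only after proving the target is what we think it is.
purge_dir() {
    local dir="${1-}"

    # 1. Unset or empty variable: the "${DIRECTORY}/" -> "/" bug.
    if [ -z "$dir" ]; then
        echo "purge_dir: empty path, refusing" >&2; return 2
    fi
    # 2. Must be fully qualified, so the result never depends on $PWD
    #    (the failed-cd-then-"rm -rf *" bug).
    case "$dir" in
        /*) ;;
        *) echo "purge_dir: '$dir' is not absolute, refusing" >&2; return 2 ;;
    esac
    # 3. Must exist. Resolve symlinks and ".." in a subshell before
    #    judging the path; the caller's working directory is untouched.
    local real
    real="$(cd -- "$dir" 2>/dev/null && pwd -P)" || {
        echo "purge_dir: cannot enter '$dir', refusing" >&2; return 3
    }
    # 4. Never the root: refuse anything made only of slashes.
    case "$real" in
        *[!/]*) ;;
        *) echo "purge_dir: '$dir' resolves to /, refusing" >&2; return 4 ;;
    esac
    # Delete the contents but keep the directory. -xdev stops find from
    # descending into other filesystems mounted below the target.
    find "$real" -xdev -mindepth 1 -delete
}
```

A script would call it as `purge_dir "${DIRECTORY-}" || exit 1`, so an unset variable stops the run instead of widening the delete.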
Valeri Galtsev
2016-Feb-01 21:48 UTC
[CentOS] In A UEFI World, "rm -rf /" Can Brick Your System
On Mon, February 1, 2016 1:56 pm, Valeri Galtsev wrote:
>
> On Mon, February 1, 2016 1:33 pm, m.roth at 5-cent.us wrote:
>> Excerpt:
>> Running rm -rf / on any UEFI Linux distribution can potentially
>> perma-brick your system.
>
> Yes, I kind of like "rm -rf /". If my memory doesn't fail me, long ago it
> was one of the tricky questions in sysadmin exam (not that anymore if I
> read what you, Michael, write further correctly...). Anyway, let's imagine
> we are back then, then what
>
> rm -rf /
>
> will do to your system? How dramatic this command is?
>
> Well, it definitely will obliterate your /etc with all your settings. Then
> it will start deleting /dev, and once it deletes the block device your
> root filesystem "/" lives on, all trouble ends there. So, you just take
> your drive, and you will be able to mount on different machine /home,
> /usr, /var and what's left of your / partition. /etc is gone, but this is
> only as dramatic as it gets (thanks for alphabetical order the command
> follows).

I just discovered that I couldn't even re-cite alphabet correctly today: it is /bin that you lose, but /etc alphabetically goes after /dev, so will not even lose your /etc, all you will need is to restore portion of your /dev and the whole /bin (which you can do easily if you have "twin" system around...)

> Sorry about long spam message, everybody. I just so liked that tricky
> question from my past, I couldn't hold myself.
>
> Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
Sorin Srbu
2016-Feb-02 06:35 UTC
[CentOS] In A UEFI World, "rm -rf /" Can Brick Your System
> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of m.roth at 5-cent.us
> Sent: den 1 februari 2016 20:34
> To: CentOS
> Subject: [CentOS] In A UEFI World, "rm -rf /" Can Brick Your System
>
> As a public service announcement, recursively removing all of your files
> from / is no longer recommended.

I'm not following, has it ever been recommended (on a working system)??

Or is this one of those ironic posts? 8-)

--
//Sorin
Tony Mountifield
2016-Feb-02 10:18 UTC
[CentOS] In A UEFI World, "rm -rf /" Can Brick Your System
In article <75D47FDC6A99F24F87A6465BAF326D5018C50F69 at COLUMBA02.user.uu.se>,
Sorin Srbu <Sorin.Srbu at orgfarm.uu.se> wrote:
> > -----Original Message-----
> > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> > Behalf Of m.roth at 5-cent.us
> > Sent: den 1 februari 2016 20:34
> > To: CentOS
> > Subject: [CentOS] In A UEFI World, "rm -rf /" Can Brick Your System
> >
> > As a public service announcement, recursively removing all of your files
> > from / is no longer recommended.
>
> I'm not following, has it ever been recommended (on a working system)??
>
> Or is this one of those ironic posts? 8-)

I think the point is that hitherto, if you kill a system with "rm -rf /", you can still do a re-installation from scratch.

If I understand correctly what people are saying, killing the UEFI stuff stops you ever being able to do a re-install on that box. Is that correct? Is there no way to do a factory reset of the BIOS?

Cheers
Tony

--
Tony Mountifield
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org