Gordon Messmer
2016-Feb-01 22:24 UTC
[CentOS] In A UEFI World, "rm -rf /" Can Brick Your System
On 02/01/2016 01:59 PM, John R Pierce wrote:> would deleting the inode /sys/(whatever) actually modify UEFI memory?Yes. That is how the UEFI management interface works.
Valeri Galtsev
2016-Feb-01 22:46 UTC
[CentOS] In A UEFI World, "rm -rf /" Can Brick Your System
On Mon, February 1, 2016 4:24 pm, Gordon Messmer wrote:> On 02/01/2016 01:59 PM, John R Pierce wrote: >> would deleting the inode /sys/(whatever) actually modify UEFI memory? > > Yes. That is how the UEFI management interface works.Will doing rm -rf / actually delete anything in /sys? IMHO, not. The above command first will get to removing /dev, and it will delete /dev/sda1 or whichever device / filesystem lives on. And after that the command will fail, as there will be nothing accessible under / on that system after device root filesystem "/" lives on will be deleted. So, IMHO, that nasty command will never get to /sys, so all related to UEFI vars controlled through /sys filesystem will stay as they are. You will brick the box, but only in a sense you will have to restore /boot on your hard drive and /bin which these days is symlink (on CentOS 7), so actual content of /usr/bin where symlink points will stay intact. And portion of /dev - whatever alphabetically is before root filesystem device. Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
Gordon Messmer
2016-Feb-01 22:58 UTC
[CentOS] In A UEFI World, "rm -rf /" Can Brick Your System
On 02/01/2016 02:46 PM, Valeri Galtsev wrote:> Will doing > > rm -rf / > > actually delete anything in /sys? IMHO, not.Yes, it will. Probably. It's possible that it'll hang on some of the files in /proc if it gets to that directory before /sys, but that's largely a matter of chance.> The above command first will > get to removing /dev, and it will delete /dev/sda1 or whichever device / > filesystem lives on. And after that the command will fail, as there will > be nothing accessible under / on that system after device root filesystem > "/" lives on will be deleted.Access to your filesystems doesn't depend on the device nodes after they're mounted. You can remove all of the nodes in /dev, and your filesystems remain available. Spin up a VM and test it. I promise, it works.> And portion of /dev - whatever alphabetically is before > root filesystem device.rm doesn't process files in alphabetical order. It processes them in directory order, which is unpredictable.