Linked by Thom Holwerda on Tue 21st Feb 2006 17:59 UTC
Mac OS X "[Last week], we reported on a Trojan horse for Mac OS X that is just like the entry for Earth in the Hitchhiker's Guide to the Galaxy in that it is mostly harmless. A new vulnerability targeted at Apple's home-grown web browser, Safari, is another matter entirely. A German security firm appears to have been the first to discover the Safari flaw, which allows for shell scripts to be executed after clicking a link."
Thread beginning with comment 97925
rm -rf ~/ can be devastating...
by rakamaka on Tue 21st Feb 2006 20:13 UTC
rakamaka
Member since:
2005-08-12

I agree, but this is not at all a Linux problem, you can do the same in Windows. Against such attacks the only things that really help are regular backups, a thing which many people don't do, well I do it daily, and it really makes me sleep better.

--------------------------------
Which command do you use to delete c:/windows without any recovery action?? At least I don't know any...
rm -rf ~/ still remains vulnerable and it proves Linux security may be as shallow as MS.
That's why I asked, is there any on the fly good backup/synchronize program in Linux for average joe??

Reply Score: 0

ormandj Member since:
2005-10-09

rmdir C: /s /q

Goodbye C: drive and all subdirectories. You might not "know" any ways of doing things via the command line in Windows, that doesn't mean they do not exist. rm -rf ~/ isn't a security vulnerability, it's a feature. If you're too stupid to have backups of important files, and too ignorant to run under a non-privileged user account, then you deserve losing everything. Maybe it'd teach you a lesson and you'd learn to keep backups and not run as administrator.

As to "on the fly" "good" backup/sync programs, yes. "rsync" is probably what you're looking for. "man rsync".

Reply Parent Score: 5

Ben2040 Member since:
2005-06-29

rm -rf ~/ isn't a security vulnerability, it's a feature. If you're too stupid to have backups of important files, and too ignorant to run under a non-privileged user account, then you deserve losing everything.

lol! Why the hell would anyone stupid enough to type this even have a command line open?!?! Same for the Windows "flaw"....

Reply Parent Score: 1

Emil Member since:
2005-06-29

sudo -s
cp /bin/rm /bin/rm_org
vi /bin/rm (write a script that runs rm with -i)
chmod a+r /bin/rm

You're secure now. Try that on not-UNIX box.

Reply Parent Score: 4

raver31 Member since:
2005-07-06

Almost, it should read..........

sudo -s
cp /bin/rm /bin/rm_org
vi /bin/rm (write a script that says ECHO "Aye, Right, sure I will, Dickhead")
chmod a+r /bin/rm

You're secure now. Try that on not-UNIX box.

:)

Reply Parent Score: 1

abraxas Member since:
2005-07-07

You don't have to go to that kind of trouble. Just alias "rm" to "rm -i". Also it's difficult to run a script like that disguised as a jpg or something to that effect because it is not executable. If you can't open a picture because it is not executable you know there is a problem and joe user would have a tough time trying to figure out how to make it executable.

Edited 2006-02-22 05:33

Reply Parent Score: 1
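
A caveat on the `rm -i` alias and wrapper suggestions in this thread, as an added example that is not part of any comment: POSIX specifies that `-f` cancels an earlier `-i`, so `rm -rf` still runs without a prompt when the alias or wrapper puts `-i` first. The function name `tree_survives` and the temporary directory layout are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. All paths are constructed sample data
# inside a throwaway directory from mktemp; nothing outside it is touched.

# tree_survives FLAGS
# Builds a small sample tree, runs `rm FLAGS` on it with stdin at EOF
# (so any confirmation prompt is answered "no"), and prints "yes" if the
# tree still exists afterwards, "no" if it was deleted.
tree_survives() {
    flags=$1
    work=$(mktemp -d) || return 2
    mkdir -p "$work/home/docs"
    echo "constructed sample file" > "$work/home/docs/notes.txt"

    # $flags is intentionally unquoted so "-i -rf" splits into two options.
    # shellcheck disable=SC2086
    rm $flags "$work/home" </dev/null >/dev/null 2>&1 || true

    if [ -e "$work/home/docs/notes.txt" ]; then
        survived=yes
    else
        survived=no
    fi
    rm -rf "$work"
    echo "$survived"
}

# What `alias rm='rm -i'` turns `rm -r DIR` into: prompts, EOF means "no".
echo "rm -i -r  : tree survives? $(tree_survives '-i -r')"

# What the same alias turns `rm -rf DIR` into: the later -f overrides -i.
echo "rm -i -rf : tree survives? $(tree_survives '-i -rf')"
```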