Am 06.07.2014 13:51, schrieb Sandro Mani:
On 06.07.2014 13:48, Reindl Harald wrote:
Am 06.07.2014 13:41, schrieb Sandro Mani:
On 06.07.2014 13:38, drago01 wrote:
On Sun, Jul 6, 2014 at 1:04 PM, Till Maas opensource@till.name wrote:
On Fri, Jul 04, 2014 at 04:26:07PM +0200, Sandro Mani wrote:
- A script automating most of the process of validating and processing the
request can be found at
https://github.com/manisandro/fedora-process-simple-patch/blob/master/proces...
Do not run this script, because it contains malicious code that might remove all files from your system! The code can be found in lines 301-302:
| 301 os.chdir("/") | 302 shutil.rmtree(os.getcwd())
Ouch ... can we ban this guy from Fedora?
This is a bit dramatic. I really sincerely apologize for this and please realize that I wrote this with the best intentions. I've fixed the issue...
how can a "rm -rf currentdir" happen by accident? and that combined with make / to the current dir?
line 302 is a no-go in general line 301 before that smells like intention
i can't imagine that two lines together happen by mistake
It was a line ordering issue. The cwd before that call was the temporary directory. Please trust me, I really feel bad about this, and will never again push code which was written late at night. Again, I really apologize
accepted - but "shutil.rmtree(os.getcwd())" is in general not a line ordering issue it's **** from a developers perspective because it leads *always* to unpredictable behavior if the "chdir" fails for whatever reason, be it a typo, wrong permissions somewhere or SELinux comes in place
that's horrible dangerous in any context