WARNING: malicious code

Sandro Mani manisandro at gmail.com
Sun Jul 6 11:51:54 UTC 2014


On 06.07.2014 13:48, Reindl Harald wrote:
>
> On 06.07.2014 13:41, Sandro Mani wrote:
>> On 06.07.2014 13:38, drago01 wrote:
>>> On Sun, Jul 6, 2014 at 1:04 PM, Till Maas <opensource at till.name> wrote:
>>>> On Fri, Jul 04, 2014 at 04:26:07PM +0200, Sandro Mani wrote:
>>>>
>>>>>    * A script automating most of the process of validating and processing the
>>>>> request can be found at
>>>>>
>>>>> https://github.com/manisandro/fedora-process-simple-patch/blob/master/process-simple-patch.py
>>>> Do not run this script, because it contains malicious code that
>>>> might remove all files from your system! The code can be found in lines
>>>> 301-302:
>>>>
>>>> | 301   os.chdir("/")
>>>> | 302   shutil.rmtree(os.getcwd())
>>> Ouch ... can we ban this guy from Fedora?
>> This is a bit dramatic. I really sincerely apologize for this and please
>> realize that I wrote this with the best
>> intentions. I've fixed the issue...
> how can a "rm -rf currentdir" happen by accident?
> and that combined with make / to the current dir?
>
> line 302 is a no-go in general
> line 301 before that smells like intention
>
> I can't imagine that two lines together happen by mistake
>
It was a line ordering issue.
The cwd before that call was the temporary directory.
Please trust me, I really feel bad about this, and will never again push 
code which was written late at night. Again, I really apologize.
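
A cleanup pattern that avoids the line-ordering hazard discussed in this thread, as an added example that is not part of the original message or of process-simple-patch.py. The names `safe_rmtree`, `working_tempdir` and `demo`, and the directory prefix, are assumptions made for illustration.

```python
# Added example; helper names are hypothetical, not from process-simple-patch.py.
import contextlib
import os
import shutil
import tempfile


def safe_rmtree(target, allowed_root):
    """Delete target only if it resolves to a path strictly inside allowed_root."""
    target = os.path.realpath(target)
    allowed_root = os.path.realpath(allowed_root)
    if target == allowed_root or os.path.commonpath([target, allowed_root]) != allowed_root:
        raise ValueError("refusing to remove %r: not inside %r" % (target, allowed_root))
    shutil.rmtree(target)


@contextlib.contextmanager
def working_tempdir(prefix="simple-patch-"):
    """chdir into a fresh temp dir; on exit delete it by its stored path."""
    previous = os.getcwd()
    workdir = tempfile.mkdtemp(prefix=prefix)
    try:
        os.chdir(workdir)
        yield workdir
    finally:
        os.chdir(previous)
        # The target is the path recorded at creation, never os.getcwd(), so a
        # chdir made inside the block cannot change what gets removed.
        safe_rmtree(workdir, tempfile.gettempdir())


def demo():
    """Constructed scenario: the body moves to "/" before cleanup runs."""
    with working_tempdir() as workdir:
        open(os.path.join(workdir, "patch.diff"), "w").close()
        os.chdir("/")  # same ordering hazard as lines 301-302 quoted above
    return workdir, os.path.exists(workdir), os.path.isdir("/")


if __name__ == "__main__":
    print(demo())
```
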



