WARNING: malicious code

Lubomir Rintel lkundrak at v3.sk
Tue Jul 8 06:53:08 UTC 2014


On Sun, 2014-07-06 at 13:48 +0200, Reindl Harald wrote:
> 
> On 06.07.2014 13:41, Sandro Mani wrote:
> > On 06.07.2014 13:38, drago01 wrote:
> >> On Sun, Jul 6, 2014 at 1:04 PM, Till Maas <opensource at till.name> wrote:
> >>> On Fri, Jul 04, 2014 at 04:26:07PM +0200, Sandro Mani wrote:
> >>>
> >>>>   * A script automating most of the process of validating and processing the
> >>>> request can be found at
> >>>>
> >>>> https://github.com/manisandro/fedora-process-simple-patch/blob/master/process-simple-patch.py
> >>> Do not run this script, because it contains malicious code that
> >>> might remove all files from your system! The code can be found in lines
> >>> 301-302:
> >>>
> >>> | 301   os.chdir("/")
> >>> | 302   shutil.rmtree(os.getcwd())
> >> Ouch ... can we ban this guy from Fedora?
> >
> > This is a bit dramatic. I really sincerely apologize for this and please 
> > realize that I wrote this with the best
> > intentions. I've fixed the issue...
> 
> how can a "rm -rf currentdir" happen by accident?
> and that combined with make / to the current dir?
> 
> line 302 is a no-go in general
> line 301 before that smells like intention
> 
> i can't imagine that two lines together happen by mistake

That may well be an issue with your imagination (or even experience). As
for me, I'm struggling to imagine why anyone would do that
intentionally.

I think (and hope) a lot of us would be very unhappy if we manage to build
an environment where we hastily punish people for mistakes or suspicions in
a mob-like manner. Please give the guy a break and don't jump into too
quick judgments.

Lubo
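
An added example, not part of the original thread or of the script it discusses: the quoted lines 301-302 delete whatever `os.getcwd()` returns after a `chdir("/")`, so this sketch shows a cleanup that deletes only a path recorded at creation time and refuses roots or anything outside its scratch area. The names `safe_rmtree` and `run_in_scratch_dir` are hypothetical.

```python
import os
import shutil
import tempfile
from pathlib import Path


def safe_rmtree(target, allowed_root):
    """Delete target only if it resolves to a path strictly inside allowed_root."""
    root = Path(allowed_root).resolve()
    path = Path(target).resolve()
    # Refuse filesystem roots, the allowed root itself, and anything outside it.
    # This check runs before any deletion is attempted.
    if path == Path(path.anchor) or path == root or root not in path.parents:
        raise ValueError(f"refusing to delete {path}: not strictly inside {root}")
    shutil.rmtree(path)


def run_in_scratch_dir(job):
    """Run job(workdir) in a fresh scratch directory, then remove only that directory."""
    scratch_root = Path(tempfile.mkdtemp(prefix="scratch-"))
    workdir = scratch_root / "work"
    workdir.mkdir()
    previous_cwd = os.getcwd()
    try:
        os.chdir(workdir)
        return job(workdir)
    finally:
        # Leave the directory before deleting it, but delete the path that was
        # recorded at creation time, never whatever os.getcwd() returns now.
        os.chdir(previous_cwd)
        safe_rmtree(workdir, scratch_root)
        os.rmdir(scratch_root)
```
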


