WARNING: malicious code

Sandro Mani manisandro at gmail.com
Tue Jul 8 07:22:14 UTC 2014


On 08.07.2014 08:53, Lubomir Rintel wrote:
> On Sun, 2014-07-06 at 13:48 +0200, Reindl Harald wrote:
>> Am 06.07.2014 13:41, schrieb Sandro Mani:
>>> On 06.07.2014 13:38, drago01 wrote:
>>>> On Sun, Jul 6, 2014 at 1:04 PM, Till Maas <opensource at till.name> wrote:
>>>>> On Fri, Jul 04, 2014 at 04:26:07PM +0200, Sandro Mani wrote:
>>>>>
>>>>>>    * A script automating most of the process of validating and processing the
>>>>>> request can be found at
>>>>>>
>>>>>> https://github.com/manisandro/fedora-process-simple-patch/blob/master/process-simple-patch.py
>>>>> Do not run this script, because it contains malicious code that
>>>>> might remove all files from your system! The code can be found in lines
>>>>> 301-302:
>>>>>
>>>>> | 301   os.chdir("/")
>>>>> | 302   shutil.rmtree(os.getcwd())
>>>> Ouch ... can we ban this guy from Fedora?
>>> This is a bit dramatic. I really sincerely apologize for this and please
>>> realize that I wrote this with the best
>>> intentions. I've fixed the issue...
>> how can a "rm -rf currentdir" happen by accident?
>> and that combined with make / to the current dir?
>>
>> line 302 is a no-go in general
>> line 301 before that smells like intention
>>
>> i can't imagine that two lines together happen by mistake
> That may well be an issue with your imagination (or even experience). As
> for me, I'm struggling to imagine why would anyone do that
> intentionally.
>
> I think (and hope) a lot of us would be very unhappy if we manage to build
> an environment where we hastily punish people for mistakes or suspicions in
> a mob-like manner. Please give the guy a break and don't jump into too
> quick judgments.
He accepted that it was a very unfortunate mistake later in the post. I 
can fully understand the first reaction of the people seeing such code, 
it definitely was not a pretty sight. Can we now please just close this 
thread? :)
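
The quoted lines 301-302 change into `/` and then recursively delete the current working directory. As an added illustration (not part of this thread and not code from process-simple-patch.py), here is one way a cleanup step can guard a recursive delete so it cannot leave its own work area; `safe_rmtree`, `attempt`, `demo` and the temporary directories are hypothetical names and constructed sample data.

```python
import shutil
import tempfile
from pathlib import Path


class UnsafeDeleteError(Exception):
    """Raised when a recursive delete would leave the allowed work area."""


def safe_rmtree(target, allowed_root):
    """Delete target recursively only if it lies strictly inside allowed_root."""
    root = Path(allowed_root).resolve(strict=True)
    path = Path(target)
    if path.is_symlink():
        raise UnsafeDeleteError(f"refusing to delete via symlink: {path}")
    resolved = path.resolve(strict=True)
    if resolved == resolved.parent:  # "/" is its own parent
        raise UnsafeDeleteError("refusing to delete a filesystem root")
    # The work area itself and anything outside it are off limits.
    if root not in resolved.parents:
        raise UnsafeDeleteError(f"{resolved} is not inside {root}")
    shutil.rmtree(resolved)


def attempt(target, allowed_root):
    try:
        safe_rmtree(target, allowed_root)
        return "deleted"
    except UnsafeDeleteError:
        return "refused"


def demo():
    """Exercise the guard on a constructed work area; report each outcome."""
    with tempfile.TemporaryDirectory() as work, tempfile.TemporaryDirectory() as other:
        checkout = Path(work, "checkout")
        (checkout / "src").mkdir(parents=True)
        (checkout / "src" / "a.patch").write_text("constructed sample\n")
        Path(work, "link").symlink_to(other, target_is_directory=True)
        return {
            "root": attempt("/", work),  # what the quoted lines 301-302 target
            "work_area": attempt(work, work),
            "symlink": attempt(Path(work, "link"), work),
            "checkout": attempt(checkout, work),
            "checkout_gone": not checkout.exists(),
        }


if __name__ == "__main__":
    print(demo())
```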

