Slashdot Mirror

← Back to Stories (view on slashdot.org)

Steam For Linux Bug Wipes Out All of a User's Files

Posted by Soulskill on from the big-oops dept.

An anonymous reader sends a report of a bug in Steam's Linux client that will accidentally wipe all of a user's files if they move their Steam folder. According to the bug report: I launched steam. It did not launch, it offered to let me browse, and still could not find it when I pointed to the new location. Steam crashed. I restarted it. It re-installed itself and everything looked great. Until I looked and saw that steam had apparently deleted everything owned by my user recursively from the root directory. Including my 3tb external drive I back everything up to that was mounted under /media. Another user reported a similar problem — losing his home directory — and problems with the script were found: at some point, the Steam script sets $STEAMROOT as the directory containing all Steam's data, then runs rm -rf "$STEAMROOT/"* later on. If Steam has been moved, $STEAMROOT returns as empty, resulting in rm -rf "/"* which causes the unexpected deletion.

15 of 329 comments (clear)

  1. And that people... by omfg-no · · Score: 5, Insightful

    Is why you have backups. You need to apply the rule Total Backups = Total Backups -1 so if you have 1 you have 0.

    1. Re:And that people... by beelsebob · · Score: 5, Insightful

      And also, why redundancy is not backup. If your backup is plugged in and/or mounted, it's not a backup any more.

    2. Re:And that people... by MetalliQaZ · · Score: 5, Insightful

      so if you have 1 you have 0.

      Dude, what does that even mean? Backups have to be done intelligently based on your situation. In the summary, the user had an external hard disk on USB which would have protected against primary HD failure, but not against common mode failures such as a fire at home or a compromised PC. He didn't protect himself against malicious code, and got burned. The raw number of backups don't matter if you're not paying attention to what you are and are not protecting against.

      --
      "Here Lies Philip J. Fry, named for his uncle, to carry on his spirit"
    3. Re:And that people... by CanHasDIY · · Score: 5, Insightful

      Did you read the part where it also erased his backups?

      I think the moral here is, don't leave your backup drive plugged in when you're not running backups.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    4. Re:And that people... by BarbaraHudson · · Score: 4, Insightful

      They can be plugged in but not mounted. in such a case, rm -rf / won't touch them. Only mount the disk when doing a backup, then unmount it again, problem solved.

      --
      "Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
  2. Re:I hope no one runs steam as root. by Anonymous Coward · · Score: 5, Insightful

    Who cares about root! My home directory is WAY more important than the system.

  3. Re:When I see that [literaly] textbook mistake.... by TomTraynor · · Score: 5, Insightful

    Yep, but, they should test to see if the variable has a value. I remember vaguely that I tested for something like that by appending a value to the end saving it to a new variable and then testing both the original and new and if the same it was null.

    --
    Panic now, beat the rush!
  4. Re:When I see that [literaly] textbook mistake.... by Anonymous Coward · · Score: 5, Insightful

    if [ -z "$STEAMROOT" ] ; then echo 'you fucking idiot what are you doing'; fi

  5. Re:arguably steam isnt for linux. by DRJlaw · · Score: 3, Insightful

    [Steam] as a proprietary application expects in this case to invoke the GPL mantra of usability without warranty.

    I could have sworn that that mantra appeared in BSD licenses well before the GPL was a twinkle in RMS' eye. Yep.

    If I cared to research it, I'm certain I would find similar language in proprietary licenses which predate even that.

    Your distinction between "on" and "for" is equally myopic and artificial. Binaries "for" an operating system is used so commonly it is only questioned by ideological zealots, which most of us are not.

  6. Re:arguably steam isnt for linux. by fuzzyfuzzyfungus · · Score: 4, Insightful

    Aside from areas where it's legally unavoidable(medical devices, avionics, probably some nuclear applications), applications that take the slightest responsibility for their actions are virtually unheard of, under any license. On a good day, a proprietary application might accept liability up to the value of a refund; but not further, if it fucks up really egregiously; but that's about the extent of it.

    You can get software that promises more; but it will cost you mightily.

  7. Re:I hope no one runs steam as root. by fuzzyfuzzyfungus · · Score: 3, Insightful

    Who cares about root! My home directory is WAY more important than the system.

    This is a fairly serious hole in a lot of traditional security mechanisms, blowing away the entire OS is easy, replacing the documents that any process running as you can scribble on is hard; but SELinux could definitely be used to contain the damage in a situation like this.

    With SELinux, even if Steam is running as the user, its process could run in a different domain, and have access exclusively to files in the appropriate security context(presumably only the ones it created in the first place).

    You could also use the hackier; but simpler, method of running the steam process under a different user account; but(especially once X enters the picture and you want integration with your DE's menus and whatnot) that gets kind of gross.

  8. Re:man rm by Anonymous Coward · · Score: 3, Insightful

    That doesn't matter in this case, since "rm -rf /*" is trying to delete all the subdirectories of /, not / itself.

    The rm command sees the command as this (for my machine):

    rm -rf /bin /boot /dev /etc /home /initrd.img /initrd.img.old /lib /lib32 /lib64 /libx32 /lost+found /media /mnt /opt /proc /root /run /sbin /srv /sys /tmp /usr /var /vmlinuz /vmlinuz.old

  9. Windows installer has a similar "feature" by janoc · · Score: 3, Insightful

    The Windows installer has a similar issue and apparently it is not even considered as a problem (red box):

    https://support.steampowered.c...

    This reeks of serious incompetence or negligence, in my opinion - writing installers that blindly mass-erase files instead of tracking which files did the software actually install and erase only those on uninstall/move is not acceptable in my book. Whether or not it is documented in some disclaimer that nobody reads or not is irrelevant. This really is asking for a lawsuit if someone gets seriously bitten by it.

    I really wonder what the devs at Valve were smoking when they consider this as acceptable.

  10. Re:When I see that [literaly] textbook mistake.... by ejasons · · Score: 5, Insightful

    OSX sandboxed apps cannot look outside of their own directories. However, when the user chooses a file via the "Open" dialog, the application is given a handle that allows it to open just that particular file. Sandboxing really is the solution to this kind of mess...

  11. Re:When I see that [literaly] textbook mistake.... by greg1104 · · Score: 3, Insightful

    Checking if STEAMROOT is an empty string is a good start, but it's still not enough. Anything that's unleashing something as dangerous as "rm -rf" should do a serious sanity check first. Looking at the text name of the directory, seeing if it's really a directory, or seeing if you can cd into it (and the output from pwd still matches) are all useful checks. But you will still find edge cases where they do terrible things in the real world.

    As an example of something more robust, PostgreSQL does what it can to deal with this problem by having a file named PG_VERSION in every installed database directory tree. All utilities that do something scary take the directory provided and check to see if there's a PG_VERSION file in there. If not, abort, saying that the structure expected isn't there. Everything less complicated than that occasionally ate people's files. A common source of trouble here for database servers is when there was a race condition against a NFS mount, so that it showed up in the middle of when the script was running.

    When you stare at that sort of problem long enough, no check for whether your incoming data is sensible is good enough. You must looking for a positive match on a "I see exactly the data I expect" test of the directory tree instead, before wiping out files in particular. Even the level of paranoia in Postgres is still not good enough in one case. It can wipe things if you run the new database initialization step and hit one of those mount race conditions. For that reason, the initialize database setup is never run in the init scripts anymore, no matter how many complaints we get that it should be automatic.

    I first saw this class of bug in IBM's Directory software, in its RPM uninstaller. It asked RPM what directory the software was installed in, then ran "rm -rf $INSTALLDIR/data". Problem: RedHat 8.0 had a bug where that RPM query returned nothing. Guess what was in /data on the server? That's right, the 1TB of image data that server ran against. (And to put the scale of that into perspective...this was 2003, when 1TB was not a trivial amount)