Slashdot Mirror
Running "rm -rf /" Is Now Bricking Linux Systems (phoronix.com)
An anonymous reader writes: For newer systems utilizing UEFI, running rm -rf / is enough to permanently brick your system. While it's a trivial command to run on Linux systems, Windows and other operating systems are also prone to this issue when using UEFI. The problem comes down to UEFI variables being mounted with read/write permissions and when recursively deleting everything, the UEFI variables get wiped too. Systemd developers have rejected mounting the EFI variables as read-only, since there are valid use-cases for writing to them. Mounting them read-only can also break other applications, so for now there is no good solution to avoid potentially bricking your system, but kernel developers are investigating the issue.
first
Seems like the kernel is the wrong place to solve this problem.
"Systemd developers have rejected ..."
No surprise there.
Hey, systemd developers know better than you how your server should be configured.
So, which is it .. UEFI is catastrophically broken, or the way it's implemented is clueless and naive?
Because this sounds so horribly broken it isn't funny.
Actually, no, it's actually quite funny in a big giant "WTF" kind of way.
Lost at C:>. Found at C.
In other news, Poettering remains the best advocate Apple has for switching geeks to their platform... they should pay him, really.
It's just now bricking systems? Wow, all this time I could have been running "rm -rf /" with reckless abandon ...
I would have thought this was rather obvious. Anyone with even a beginner knowledge of Linux would know command rm -rf / is disastrous. I guess the stupid bar in the world really has hit the floor if people are running this unintentionally.
Isn't "not running systemd" a good solution?
Stuff like that makes me long for a write protect jumper on the motherboard again.
What are the valid use cases? Can't writing anything to UEFI be done through some other way than the filesystem?
And also UEFI itself is flawed if everything is exposed in a "flat" way like this.
Of all the things you could run that you might expect to 'brick' your system surely 'rm -rf' as root would be the one.
Consequences arise from actions. I hate UEFI as much as the next guy, and don't get me started about SystemD but this looks like click bait.
Damn, got me.
Have you tried not running rm -rf /?
Just an idea, but perhaps someone should set up a database that accepts failure reports and, consequently, shames all the hardware devs into fixing their (U)EFI implementations.
While I don't agree with mounting efivars rw by default, accidental deletion shouldn't permanently render one's computer an expensive piece of Lego.
I always run sudo \rm -rf That is the way to do it, you whippersnappers.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
...Systemd developers have rejected mounting the EFI variables as read-only...
So the sane solution is rejected because the underlying design is bad?
What happened to booting from CD/usb? How about bringing up a system where all batteries are dead, so there were no power for bios stuff? The latter was a hassle, but you could always get those things going before.
I had to read the article just to see if there was something more to the article than "Dur, dont be stupid".
Nope, nothing to see here. Do not run as root user. Anyone stupid enough to run as root user is going to hose their system by typing a wrong command sooner or later anyways. This article will not help.
You wanted the "everything is a file" UNIX approach*.. well, you got it, including the ability to delete *every* file.
Incidentally, while systemd was being blamed for this, the underlying /sysfs structures have zippo to do with systemd, so put down the pitchforks.
* Which has never actually been completely true but is a popular catch phrase.
AntiFA: An abbreviation for Anti First Amendment.
Try running fuk /u
This seems irrational:
"Systemd developers have rejected mounting the EFI variables as read-only, since there are valid use-cases for writing to them. Mounting them read-only can also break other applications, so for now there is no good solution to avoid potentially bricking your system, "
Can't you just mount read only anyway? Fuck the broken apps. Does every system have them? It should be my choice but systemd devs are arrogant assholes. Are these "valid use cases" universal?
If Gentoo is ever systemd only I'll be done with Linux.
The
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
...so for now there is no good solution to avoid potentially bricking your system...
That's why most versions of rm feature a --no-preserve-root option that is required if you issue that specific command. If you really want to remove all files on a the root partition, use the --one-file-system argument, or just don't do that.. ever... formatting the partitions is a much simpler solution.
Most motherboards now offer some type of "BIOS recovery" (their words, not mine.) This allows the board to be brought back to factory state regardless of the contents of flash,nvRAM. Typically the restore software is in mask rom, and can't be written to.
And its by ignorant design mostly
for example last night I removed the soduku game that came with my distro, thanks to its dependency tree and debian / ubuntu's package management removing this one stupid game took half of XFCE with it, and I was left with a command prompt
say what you want about windows, it doesnt fuck the entire system if I uninstall solitaire
Code the "rm" command to block "rm -rf /", there is no valid use case for running that command, if someone wanted to wipe a drive they should just use a partitioning utility from a separate boot device.
At what time would I ever use 'rm -rf /'
Why wouldn't I reformat the partition?
The kernel dev who wrote the efi code says it's not a systemd problem and following the bug report's suggestion would be the wrong way to solve the problem.
But don't let that stop you from jumping on your favorite whipping boys.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Having come up during the advent of computers, this is PRECISELY why we separated hardware bootstrap firmware from user-accessible code in the first place, and did not make provisions for user-space access to change it. The hardware had to continue to operate and boot regardless of the stupid things users and developers did.
That all went out the window the moment we started with this "update your BIOS from the O/S" bullshit. And now, apparently, "let's give userspace read/write access to the bootstrap firmware willy nilly," which is complete and utter stupidity.
If you run "rm -rf /", don't you suddenly have other problems than your boot partition? That partition is so easy to backup compared to the old MBR, there is no excuse! I once formatted my boot partition by mistake (yes, "mkfs.ext4 /dev/sda1" is as dangerous in the hands to the stupid) but it didn't quite "brick" my system
Who the fuck runs "rm -rf /" on their Linux system?
I have always used legacy mode in bios for Linux installs. I guess this must help, I have not experienced any problems? UEFI is perfectly fine, I think it was a big positive for PC's. I suppose those dual booting Linux with Windows in UEFI have the potential for experiencing this more.
There are too many imbeciles that will brick their system by typing in random terminal commands they found on the Internet, like fork bombs or using wget to download a trojan. rm -rf / is only the most famous of this kind of command. Then they will complain that Linux is too fragile and dangerous to use for new users, blah blah blah.
I was thinking of a possible solution to this. Perhaps the distros meant for newbies (Ubuntu, Mint, elementary, Zorin, etc.) could lock by default the most well known terminal commands that fuck your system up. When trying to execute them (even with root privileges), they will get something like "ERROR: This command is extremely dangerous. To execute, go to [distro's website].org/foobar." This page will have the password in order to bypass the lock, but only at the bottom of some text that explains exactly what will happen, and if you do anyway, that the distro has absolutely 0% liability to what will happen to your system.
How come we haven't heard of massive bricking on Windows systems by malware that bricks system boards? Could it be that bricking is not possible by bricking malware on windows where bricking malware could actually brick a system board on a brickable linux box?
So, where is your holy grail called UEFI variables stored? If its not on the hard disk then its possibly in the NVRAM of your system. So, yes you can erase them or modify them, but shouldn't have the System a "factory reset" function that cleans the mess after an accident?
The FA doesn't say.
Same shit different lifetime.
Time for another Extinction Event to maximize the available Entropy.
This command does NOTHING on my superior Windows machines. We do not allow such viral commands here in the grown up world of computing.
Just create rm() function where you assign something else for rm -rf /
Source it from .bashrc
Problem solved.
See the subject line.
Obviously this poster has no idea
1. of what he is doing
2. that XFCE in Debian is not "Linux"
C'mon folks, nobody forces you to use systemd. I run a Debian "testing" system with systemd-provided init disabled and everything works fine for me so far.
Spell it SystemD.
That way it looks like an ASCII penis.
What is all this? I thought rm -rf / was the official procedure for upgrading from RHEL6 to RHEL7?
Linux is anything but fragile. Stop blaming the OS for a shitty design in UEFI! Linux is so stable and solid that it lets you run "rm -rf /" and it will actually do what you asked it to until it can no longer figure out the machine it's on and commands needed to talk to a disk. This is a more than 45 year old design. Yes, that's right. In AT&T's original Unix you could also kill a system with "rm -rf /".
'but', 'but', 'but', oh shut up and stop spreading FUD! "rm" is the remove command, "-r" is recursive, and "-f" is force. You need to be root to run this with any success, so it's not like any old user can remove everything.
The problem is that UEFI allows an OS to write to areas which it should not be able to write to. If you open all the PROM in a system it's not just the OS that can brick a system. A malicious person can do so just as easy, and without being so obvious as running "rm -rf /"
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
I assume this problem occurs only in you are running with root priv. .*
It should be noted that running:
rm -rf
Will also have a similar effect because the rm will work its way up the directory tree to "/"
A work around to avoid this kind of disaster is to use the following to remove everything below the CWD: .??*
rm -rf
This is another case of stupid design. The UEFI section should be mounted RO by default and remounted RW just long enough to make required changes when required. The tinkerers can be satisfied as well while still providing additional stability.
*sigh*
Read the fucking article before you make an ass out of yourself. Hell, in this case, the difference between "OS doesn't load" and "computer is bricked" is clearly explained.
This doesn't apply to VMs I hope
It makes perfect sense for a format of my drive to brick my entire system, that makes perfect sense, in 1968. My bad, I thought this was 2016.
In order for the OS (Windows/Linux/Unix) to use the Secure Boot mode, they have to be able to add their keys to the Secure Boot - EFIVARS table.
What this sounds like is a poor implementation of that feature since it's allowing all of the UEFI Firmware to be wiped instead of the Secure Boot area.
This makes my Asus Board far more valuable due to their Crash Free implementation that can load a firmware replacement/upgrade w/o a CPU or RAM installed by using a hardware button and dedicated USB port to do so so I'm quite a bit happier as it's a damn good use for an old 128-512M flash drive
I'm not saying it was aliens, because it was actually systemd.
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
When I hear Bricking it means I have to toss the hardware or whip out a JTAG or EEPROM programmer.
Is this "bricking" real or just someone not understand what the word actually means and a initialize and reinstall of the OS will fix everything.
Do not look at laser with remaining good eye.
I never run rm -rf /. But when I do, I
[Connection lost]
I've seen this over and over, but no real concrete reason for it.
Why IS systemd hated so much?
Don't give me your silly "chaaange!" arguments either. An actual reason.
Does it make Linux more vulnerable?
The only thing I have heard is it changes the way scripts are parsed, or something.
Not 100% sure, I've not used Linux in-depth and the last time I used it was 2004 on a laptop when I quickly threw a Slax Live distro on a disc because my HDD died.
Is it worth avoiding? Or, for a newer system (the one I am making), is it perfectly fine to get in to?
You also need the "--no-preserve-root" and to have a buggy motherboard UEFI implementation. The problem is that deleting stuff in /sys/firmware/efi/efivars resets some variables in the UEFI. If the implementation follows the spec then that is like doing a factory reset on your motherboard. For some poor hardware they fail to boot after this. The kernel already has some protection for some bad hardware, more will be added shortly ( https://gist.github.com/mjg59/... ).
I ran into this UEFI crap about half a year back, when I had to adjust some BIOS settings and couldn't, because I didn't have windows installed. I couldn't believe it. RMSes worst nightmares come true, today. Un-fucking-believable.
UEFI is just another machiavellian attempt at controlling our hardware from start to finish. It's basically the old TCPA bullshit repackaged. How the fuck anyone could install let alone design and build a BIOS whos UI is depedant on what OS is installed on the HDD is totally beyond me. I honestly am of the opinion that those who designed this freakin' insane UEFI BIOS crap and peddle it should be brought before court for malicious malpractice and willfully undermining computer security.
UEFI in my book is definitely a reason not to buy the hardware using it.
BTW: How come no one get's worked up about that? Everyone is pissing their pants about systemd, but UEFI doesn't get half as much bad press. I remember the TCPA uproar - that was a good one. How about now?
We suffer more in our imagination than in reality. - Seneca
Jesus I thought we'd gotten rid of that stupid "brick" term for simple issues. If it's a COMPUTER - you can't "brick" the damned thing if you take the hard drive out and throw it in a river.
"Bricked" indicates that the firmware is bad. A bad BIOS flash will brick a system. Something of that level. Anything that can be fixed via an OS reinstall ain't "Bricked".
"People who think they know everything are very annoying to those of us who do."-Mark Twain
... hitting yourself in the head with a hammer may cause headaches, or unconsciousness.
Why don't we just set the contents to these to immutable (by default) and if there are legit reasons to change values through software, just add the subroutines to flip the bit back and forward and verify, etc. Done.
chattr +i for those who are not aware.
Sig missing. Reward.
You Keep Using That Word, I Do Not Think It Means What You Think It Means
It sounds like you get to do a rebuild and not that you brick your hardware.
When you brick something you cannot rebuild it, you have reduced it to the usefulness of a brick, hence "bricked" it.
Not so easy to remove the hard drive or re-install the OS from scratch remotely. The problem people are encountering is that they are physically thousands of miles from the hardware.
I mean, for the last 10 years, I have worked on a computer I've never seen. The Mainframe is in Delaware, and I am in New Jersey.
But I can easily imagine a situation where I'm in Manhattan, but the Linux machine is located in a data center in New Mexico, or even worse, Mumbai. Effectively, I have zero access to the hardware, so yes, in such a situation the machine is effectively "bricked".
If telephones are outlawed, then only outlaws will have telephones.
Why is SysFS deleting/erasing variables/files on RM? /dev/null by accident right?
Can't these be handled like special device INodes?
It is not like you can delete
Léa Gris
nuff said
To AmiMoJo: Sorry for the wrong mod.
A while back I installed Debian on an experimental system for learning more about Linux, and came away feeling a bit lost, because (compared to some other distros) there seemed to be oodles of new config files, scattered everywhere. Trying to keep track of them all was, for me, nightmarish. I wished all the config files were located in a single root-level directory (like "home"), perhaps named "cfg".
Well, if such a thing existed, that directory might be considered too valuable to be allowed to get included in any generic remove-all system command, and could thus be a safer place for the UEFI variables. One could go inside that directory and deliberately erase everything, but the specter of knowing that all the system's config files would be destroyed might give one pause,before daring to actually specify that command.
So the advice is: don't delete your all you files if you want your computer to work? Huh, whoda thunk it?
So, be it under linux or windows ... (I guess BSD too with hard enough efforts) ....ill intentioned persons can brick computers running UEFI.
Now computers could potentially be bricked remotely... progress is an amazing thing.
And adding the "rm /" in the surface of exposure is kind of adding well intentioned clumsy persons to the equation.
And everybody knows that clumsy persons are more frequent than ill intentioned persons.
This makes systemd choices almost criminal in terms of risk management.
This is so boneheaded it beggars belief. The straightforward solution is to require the UEFI variable filesystem (or whatever it is called these days) to be mounted read-only, and require (UNIX anyway, but something analogous ought to work for Windows too) an application to do a "mount -o remount,rw" to do whatever it needs to do, then do a "mount -o remount,ro" when it's finished. Not as nice as having UEFI not be seriously broken, but workable, and there's not much of an excuse for things like systemd, openrc, etc. implementing this where appropriate (and for any UEFI crap that can brick a system, this is appropriate).
Applications don't like it? Tough, patch the damn things. Requireing firmware to be exposed to harm like this on any operating system is unacceptable.
The Future of Human Evolution: Autonomy
Boot partition? You have no idea what you're talking about.
an rm -rf / will wipe EFI vars as well. The motherboard will not boot anything, regardless of what is on your drives.
without systemd!
Why can't it be mounted as read-only, and remounted as read-write when necessary? Something like "mount -o rw [mount_point]" does that job.
If the BIOS isn't even robust enough to use defaults for critical variables that can be deleted, then I'm gonna say this is OBVIOUSLY a problem with crappy BIOS code, not with the OS that ran the app that actually did exactly what it was told to do.
Its gonna happen sooner or later anyway.
Why would you run rm -rf / in the first place?
Linux gives you disk damage anyway (Try dd if=/dev/zero of=/dev/sdXXX bs=1M)
and have "pre-released updates" box checked in software updates, you will bork networking if you do an update. The only way to fix it is to download the stable libnl packages from another computer and transfer them with a flashdrive and reinstall them. I'm a Linux fanatic, but this was a major boo boo on the developers part. And what idiot would run rm -rf on any Linux system? That's just clickbait for Windoze idiots.
The most common implementation of rm on Linux (GNU coreutils) does exactly what you're asking.
That would be violating POSIX by allowing it at all:
If either of the files dot or dot-dot are specified as the basename portion of an operand (that is, the final pathname component) or if an operand resolves to the root directory, rm shall write a diagnostic message to standard error and do nothing more with such operands.
* http://pubs.opengroup.org/onlinepubs/9699919799/utilities/rm.html
Solaris and FreeBSD rm(1) do the right thing as well:
* https://svnweb.freebsd.org/base/head/bin/rm/rm.c
* https://web.archive.org/web/20061101213104/http://blogs.sun.com/jbeck/date/20041001
I'm sure selinux could be configured to allow systemd to access the uefi variables file system, while silently blocking everything else.
That said, I tend to disable selinux as it never causes anything but pain when silently stopping things from working with little to show for it.
It might be for the benefit of non-technical users who don't understand that the chat or forum user recommending sudo rm -rf / is up to no good. At least if the system is bootable from install media, the user can restore /home from backup.
Linux package managers are well overdue for redesign.
I'm sure Pottering will oblige in due course.
Why is this being modded "Funny"? They're actually working on it:
* http://0pointer.net/blog/revisiting-how-we-put-together-linux-systems.html
I use dd if=/dev/zero of=/dev/sda instead.
Would it be possible to hide the real files, make some FIFO buffer files which are read by a gateway program, which then queues writes to the real files?
* Remove immutable bit.
* Write to file.
* Set immutable bit.
You'd have to get seriously unlucky to wipe those files out after that.
In most cases, electronic devices should be able to be reset back to a factory state by their owners, preferably with a hardware switch that cannot be disabled by any software.
Exceptions would be for things like car-odometers/disk-drive-power-on-hours logs that need to be kept for fraud-prevention or things that the customer himself doesn't want to be re-settable, like anti-theft protection.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Anyone?
Millions of european Facebook users, journalists, NGOs complained for years about siphooning of private data over to US, achieving nothing. But in reality, it took only ONE determined student of law to actually TAKE LEGAL STEPS and KICK ZUCKERBERGS BALLS at the European court of justice.
If you really care, take action.
Running your car straight into a wall at 90mphrenders it useless.
The mental model of a file system - the expected behavior - is for it to be hierarchical. We silently expect anything below a certain path to be subordinate. Already this model is broken because devices can be mounted, files symlinked/hardlinked etc. That something much more fundamental to a system than a file system directory can be found deep in the hierarchy is a violation of the hierarchy.
That's why it is surprising that removing everything from the file system may cause higher order information to be deleted as well. You do not expect that. The impulse to map everything to a file deep in the filesystem is dangerous.
Sure, you can probably write/destroy UEFI variables from windows, but not as unintentional collateral damage from deleting a directory.
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
Death to the UEFI menace.
BIOS+MBR forever!
Since a "few years", on "most distros", you need to pass --no-preserve-root to rm rf slash to actually do something.
Just out off office; too tired to look up exactly :
But a "few years" is about 3-5 years
"Most distros" means maybe >90% of the linux userbase
Some other unices got that new default, but as other unices are often older systems, i wouldn t bet on the userbase percentage
Anyone who's been reading the linux kernel mailing list since the 90s knows that most PC vendors ship BIOS/firmware/whatever that is often half or mostly broken.
Power management, in particular, is pretty bad. It's so bad that Microsoft ignores the system firmware and implements their own power management scheme, complete with a white list of known hardware and workarounds.
Why did anyone think UEFI would be different?
I'm not going to change out my engine because tyres keep blowing, I'm going to stop driving over glass.
If there is a way to stop rm~ from killing a machine, if it's a situation I ever come across (I haven't had to think about it, to be honest, beyond noticing a system partition of 300MB on my notebook and thinking to myself "You know, that looks important, better make sure I've got a backup"), then I say thank fuck for Replay and shadow copies.
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
My Grandpa was very fond of one particular expression. From time to time, I would ask him what would happen if you did X, Y and Z, where such a combination was likely to result in a Bad Thing happening.
His response was usually, "Well, you just don't do that."
www.wavefront-av.com
Then have those EFI variables mounted read-write when it's necessary to write to one of them. It's not like mounting something readonly sets it in stone until the end of days, and it is probably just as easy to handl
If those other applications can't handle a simple error state that they can trivially recover from, then they're likely to already be broken. Either that or they're weak command line programs trying to infiltrate the strong command line program paradigm.
TL;DR: Colonel Lazyness gets promoted to General.
Next up, instead of encrypting your files, they'll just demand a bitcoin or permanently ruin your hardware...
Peter predicted that you would "deliberately forget" creation 2000 years ago...
Yet another example of how open sores software is complete and utter garbage. Not only does most open source software SUUUUCK, but the whole trend of putting all sorts of random code on github is just doing little but propagating that crap code. Open sores is a development model that produces shit code, is actively HURTING the profession (as in destroying the ability of programmers to make a living, you know, WRITING GOOD CODE) and is well past its prime. I just have to wonder when the morons in the open sores community will all come to realize they have been make into cuckolds by guys like Eric Raymond and Tim O'Reilly.
If you can brick your motherboard from userland, then so can malware.
Isn't this the kind of thing that the immutable attribute was designed for?
$ grep EFI .config
# CONFIG_EFI_PARTITION is not set
# CONFIG_EFI is not set
CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y
A bad rm -rf /. would nuke a system...it wouldn't BRICK a system.
Nuking a system is fixable....
boot from a floppy (or something else)
format harddrive
reinstall.
Brick - throw system away. You're done.
Just don't
Dont. Use. UEFI.
This is a massive security problem, someone could run this on 10,000 servers in parallel all at once and the business would be down for months replacing all the motherboards. Figure $500 and 1 hour per motherboard replacement and you are looking at 10,000 man hours and $5 million dollars in hardware damages alone.
"...Windows and other operating systems are also prone to this issue when using UEFI"
Well, no. They have the same underlying potential problem, yes... but Windows isn't susceptible to the rm -rf / since it doesn't, by default, have the rm command. These two aren't quite the same thing. The summary makes it sound like there's parity between Linux and Windows but that's not accurate. It takes about 20 lines of code (as per the article) to do the same thing on Windows. So yeah, it's a legitimate UNDERLYING problem, but let's not make it sound like it's the same situation on both platforms 'cause it's not really.
If a pion (n-) collides with a proton in the woods & noone is there to hear it, does lamdba decay into the source pa
Not only did it erase the firmware on my motherboard, it also deleted all of my files!
1) Store EFI variables in two in 'special' partitions (flag one as current, and one as stand-by). Do not mount either of those partitions, EVER.
2) On boot, do a bit-for-bit copy of the 'current' EFI partition to a third, 'live' EFI partition. Mount *that* partition read-write.
3) On shut-down, or any time you need to save values, do sanity checks of the EFI data before doing a bit-for-bit copy of the 'live' EFI partition over the 'non-current' version, then flip the flag to mark *that* one as current, and the other as stand-by.
4) If the system can't boot from the 'current' EFI data, flip the flag, so the 'stand-by' copy is now the 'current' copy.
5) If the system can't boot from *that*, get the EFI settings from the hardware, replacing *both* the 'current' and 'stand-by' partitions' content.
Since the hardware is treated as a emergency, default-state restore cache, you never write to those via the OS.
Ideally, the hardware should prevent you from bricking it, but this will allow the OS to mitigate the risk of something wiping hardware-only EFI values.
Yes, yes. We all already knew that but don't let that stop you from posting some flamebait troll garbage! You didn't even try to disguise it as a response to someone claiming such. You just threw a new thread out there as if that's all we're talking about. Even TFS isn't blaming it. And this bullshit gets a +5 Informative! Just because he has a 4 digit UID doesn't means he's a freakin soothsayer people!
...is not subject to this ludicrously dangerous vulnerability, and systemd is?
I mean, effectively, that's the reality on the ground right now, right?
I've been neutral on systemd, more or less, but...
Good excuse to get control over your own hardware. Bring back BIOS, /init and /var/log/messages. Systemd and UEFI can stay - just so long as they add 'emulate old ways' settings :-)
There is no need to reset the boot loader.
Most consumer machines do not even come with a replaceable operating system.
If the system gets hosed or riddled with viruses you just buy a new one. Does not happen very often. People accept that.
You hark back to days when you could have some understanding and control over your machine. Those days are long gone. Think about how a teenager interacts with a computer. That is the future.
you need for the BIOS to be a read-only thing that can only be written from another computer. Yes, it can be rather inconvenient to have to have a removable BIOS stick, but it would be simple to recover from this by just removing the stick and re-writing it on another machine. http://www.pcworld.com/article... Having a read-only BIOS is great against hacking also. It also makes bios upgrades safer. You just have two sticks and always keep your old one as a backup.
"Running "rm -rf /" Is Now Bricking Linux Systems " /" Is Now Bricking UEFI Systems"
No shit that bricks a linux system. It has been for over 20 years! It is the "delete system32" equivalent of the unix world, except that it will also erase any user files as well.
Please use a better title like "Running "rm -rf
also
"Systemd developers have rejected mounting the EFI variables as read-only"
God dammit systemd. Why is it always you behind shit like this.
UEFI is the problem. Whatever 'enhancements' it brings belong as OS services.
or hasn't that particular command always been a case of id10t pebkac?
not.
Are people seriously advocating for systemd to be a babysitter for the root user? I would definitely be more upset if systemd posed restrictions upon what I was allowed to do (as root). But, sure, I understand the problem (which Etcetera seems to be the only one to touch upon) that systemd makes it harder to strengthen the security by generally limiting the possibilities to customize your system.
People who come from a DOS/Windows background also seem to think that "rm -rf /" should be expected to work like "format c:". But the root is not just the (first) harddrive and as a user of Unix (where "everything is a file") I would rather translate it to "delete everything there is to delete, yes really". I wouldn't find it strange if stuff on the network got deleted too, not just regular files but printer queues and whatever. Not to mention all sorts of flash memory of any sort of attached device.
If anyone is to blame here it's the BIOS developer I think. A more robust implementation would have some fallback code in ROM that lets you at least install a new flash image. But while PCs have generally been quite robust (until now), where have been other more easily bricked systems. Sometimes you can remove the flash IC and rewrite it. Sometimes you just have to toss the hardware. It's annoying but it doesn't make me blame the software for not preventing me from doing the mistakes I did (which wasn't simply running "rm -rf /" by the way).
I prefer rm -fr / because then in my mind I can blame it on the French.
.. of course it would be quite easy to design an in-circuit programmer, but generally they were read-only with the exception of a UV light or being left on a window sill ..