Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
This kind of fuck up requires an email with some stern language. Also, the security team probably lost privileges to ask for emergency updates.
-
cdrice41938y@nickhh Thank you so much for the kind welcome! I can't believe I've never heard of this until today. Glad to (finally) be here!
-
Eariel19068yI had a similar encounter with a very complex building script for an Android NDK/C++/Lua/ActionScript project made for another branch of the company I worked for. As we "ported" games it was very common to just clone the repo, read the README, change some stuff and run the building system. There was a environment variable that needed to be declared but it was undocumented. It SECURELY DELETED my whole drive. Nice.
-
Root797358yWhen I was updating my dev tools for a project, I added a way to copy my freshly packaged app to my Steam directory to test its behavior in a Steam environment. This, of course, required removing the existing files. I tested the code in a local folder, and forgot to update the path in the code... so when I tested the copy-on-package feature, it deleted my entire project folder.
I had to clone everything from github again ._.
The git clone of shame... -
iguana8108yStill not good, but using && over ; would have saved you here. Really though, automating rm -rf is just evil.
-
cdrice41938y@iguana Agreed; but, as mentioned, not my code. Was buried deep in a pile of spaghetti code from another team. Using that logic had absolutely no place in production code - it was a mixed blessing this took out some non-production servers before it rolled out to prod. Seeing that code still makes me cringe. "Code was reviewed" my ass.
-
cdrice41938y@azous For ad-hoc jobs like this, BMC BladeLogic. Our team supports just shy of 20k *nix targets altogether. Enterprise total is a much scarier number.
-
cdrice41938y@Kimmax Hahaha, nope - different enterprise over here. I have been using phrases like "We should ask ourselves: What would Amazon do?" during conference calls - I guess I'll have to dial that back for a while...
Related Rants
-
cdrice105"You gave us bad code! We ran it and now production is DOWN! Join this bridgeline now and help us fix this!" ...
-
gururaju53*Now that's what I call a Hacker* MOTHER OF ALL AUTOMATIONS This seems a long post. but you will definitely ...
-
linuxxx65This guy at my last internship. A windows fanboy to the fucking max! He was saying how he'd never use anythi...
Received "emergency update" code from internal enterprise security team. Wasn't given time to do code review; was assured code was reviewed and solid.
Pushed code to over 6k lower-level servers before finding this gem buried deep within:
...
cd /foo; rm -rf *; cd /
...
(This ran as root, and yes, the cwd was / from earlier in the code).
/foo, of course, did not exist on some servers.
Now, it is those servers which do not exist.
FML
undefined
security
root
linux
file not found
directory structure
rm -rf /
directory not found
fml
rm