Shortening the rope (around RH's neck) [LWN.net]

Shortening the rope (around RH's neck)

Posted Apr 24, 2009 18:40 UTC (Fri) by Max.Hyre (subscriber, #1054)
In reply to: Shortening the rope (around RH's neck) by madscientist
Parent article: Shortening the rope

All you are doing is teaching people to assume and rely on the fact that "rm" will ask them before removing a file... so when they drop over to someone else's account, where this alias is not present, the potential for utter disaster is real and constant.

Would that that were the only danger. The assumption and reliance mean that when they ``rm -r *'' and are asked for confirmation, they'll type in `y' without thinking—it becomes no protection at all.

True story:

Ages ago (25 years?) I worked on Datapoint systems, early versions of microcomputers. At the time, the only non-volatile storage was floppy disks, so we formatted and rewrote them continually.

Their format protection was of the form (sequence of answers real, questions forgotten, and so made up):

> format
- Are you sure? y
- Do you really want to wipe this disk? y
- Would you like to stop now, for safety? n
- This is your last chance, do you want to continue? y
<formats disk>

My fingers were so used to this rigmarole that typing ``yyny'' was controlled by my hindbrain—absolutely no thought involved. If I'd made a mistake, I had no more chance of catching it than if I'd typed ``# rm -rf /''.

Such mechanisms are a snare and a delusion.

FWIW: When I'm setting up some potentially disastrous command, I always start the line with `#'. That way, if my finger accidentally hits the <CR> key, Bash will just say ``Ho, hum—another comment.'' When I've built up the command to my satisfaction, I remove the hash and send the command on its way.

(Log in to post comments)