For those who aren’t aware,
su -
rm -rf *
is referred to as the code of death. Really needless to explain why. Well, I had never thought I’d see it happen, but I did. Not exactly the above mentioned commands, but as another lethal variant:
su -
mv /* /somedir
How and when? I was hanging out on #fedora when this dude said he needed help. A fellow admin to his remote server had typed in the above commands (there was lag and something something). Anyhow, so, you do the math. We tried making a shell script to move everything back. OH! but wait! you can only use built in shell commands. Makes it way more tougher, doesn’t it? I couldn’t fix it, but I did learn some stuff trying to.
Sent the dude to #bash, where an excellent fellow, who REALLY knew his stuff, helped out. He compiled an executable using static linking (so it wouldn’t want the moved libs) and placed it in the dir using tcp or something (This part I know nothing about). Since you couldn’t use chmod anymore, they overwrote an already executable binary (sorry unrar). The file moved everything back to where it was supposed to be. This din’t come about as trivially as it sounds.
Sounds simple eh? Trust me, isn’t. At least wasn’t for me.
So, a close experience of the code of death. Lesson learnt : Root is dangerous !!
well, I don’t know the exact things that happened, but I would think that setting LD_LIBRARY_PATH and explicitely using /somedir/lib/ld-linux.so.2 /somedir/bin/mv /somedir/* / should work?
Klaus
Intriguing story. Good to know there are still uber-wizards around in times of need.
I’m probably missing something, but would it have been possible to boot to a Live CD and do the move back through there?
Pretty cool story. I love seeing what people who really know their stuff can do.
haha.. You did miss something out. They din’t have physical access to the machine
They could only remotely login to it
Ankur
su -
rm -rf *
won’t actually do any harm in many cases. su – will make you root and chdir to $HOME, so your current work directory will be /root. The following rm -rf * will clear all files inside /root, which usually account to none.
i hadn’t thought of that..
guess it should be
su –
cd /
rm -rf *
thanks for pointing it out..
nicely caught, I was going to comment the same thing.
Well but an interesting post to read anyway