I found another bug in Ubuntu... It actually allows you to install the
system to a hard disk! This means that not only does it leave the system
open to 'sudo rm -fr /' commands being run accidentally, but anyone
passing by with an active electro-magnet could corrupt the entire
system. Other distros (Knoppix, etc) circumvent this by being a live-CD-
only distribution. Ubuntu already has live-CD functionality, so all we
need to do is just cut out all the installable stuff, and it's good to
go! Right? We could also include a requirement of lead shielding in the
chassis.
..end sarcastic portion of update..
> To me it's not a security feature at all; it's more akin to the safeguards
> in place to prevent accidental launch of nuclear weapons. How would it
> be destructive to Ubuntu's reason for existence?
I obviously don't really know what all is involved in the physical act
of firing a nuke, but if the movies are to be believed, it takes the
right person giving the proper authorization (sudo) and giving the
command to fire (rm -fr).. Usually it takes more than one person doing
it at the same time, but short of forcing two different admin users to
confirm file deletions so that it lives up to this standard, at some
point the engineers make the determination that any more safeguards
preventing execution would be too much (even unsafe), because after all
the weapons (commands) are there to be used, not look pretty.
This single feature is not destructive by itself, the precedent it sets
is. Users will expect the system to save them from themselves doing
anything potentially destructive, citing this 'bug' as 'proof' just like
everyone here did ("Sun is doing it why shouldn't we?" is, I'm sorry, a
glaring logical fallacy).
> There are many things that people, even good people, should do, but don't.
> Is "they deserve what they get" the kind of attitude Ubuntu wants to project?
So upon installation, should the disk partitioner not actually allow a
user to format a partition that has a certain amount of files with 'last
modified' dates of today's date, for fear that the user is actually
choosing the wrong partition to format? I bet a lot more people have
made that mistake than have accidentally run 'sudo rm -fr /'... And the
answer is still no, the partitioner shouldn't just refuse to format the
partition it was told to format during install because the user didn't
run it with the --actually_format_stuff flag, or something.
Someone always deserves a broken foot when they ask themselves, "Hmm, I
wonder what will happen if I drop this bowling ball on my foot?" and
then does it. Even if they meant to drop it an inch to the left of their
foot, and not right on it. It's not the bowling ball manufacturer's
fault for making a bowling ball that hurts your foot when dropped upon
it. Nail guns don't come with built-in sensors that detect living tissue
in front of it and refuse to fire if there is. You're just not supposed
to aim it at yourself, the safety button (sudo, -f, etc) is considered
to be enough.
The Ubuntu home page says "Ubuntu is designed with security in mind" and
that it's made to be easy to install and get up and running on most
computers, for free. When did Ubuntu become the distro made for
inexperienced users, or self-proclaimed 'experienced users' who don't
think things through all the way because it saves people from
themselves? Where is this claimed? I don't see that in the "Code of
Conduct," "What is Ubuntu?", anywhere.
Nowhere does it say "we strive to eventually implement every lame
Windows-type security 'feature' that is already proven ineffective,
because Ubuntu deep down really just wants to be Windows some day." It
actually says the opposite, boasting cutting-edge security features, not
ineffective ones.
> Is that even how we should treat other people? I don't understand what
your goal is with Ubuntu.
This isn't a person treating another person like anything, this is a
computer doing what it's told (or rather not, it seems).
> What you're calling for sounds more like it belongs in a distro
> like...Slackware?
> Gentoo? Please explain what you're trying to achieve here. :)
Again, show me the page that states that Ubuntu strives to be the distro
for users to be saved from their own ignorance, or lack of attention to
detail. I see "built with security in mind," and "easy to get up and
running," and "works on a variety of hardware out of the box," and
"Ubuntu is and always will be free of charge. You do not pay any
licensing fees. You can download, use and share Ubuntu with your
friends, family, school or business for absolutely nothing," but nowhere
do I see "It's for beginners and scatterbrains because they couldn't
possibly mess anything up! It even saves experts from their own
destructive type-os! Also it makes you feel loved like no other OS can!"
> Who are these inexperienced-yet-diligent users of which you speak?
All but one company I've worked for in the past 10 years demanded full
daily backups of all critical systems, and I can guarantee you the
people making these executive decisions were not experienced Linux
users.
> Maybe you'd be happier with something like Arch Linux?
Of all the things said in this thread, "you need to go use a different
distro," Is the least useful and community-minded, and least
humane/forgiving thing of them all. You can't claim to be for the OS
treating users with 'compassion' or 'respect' or whatever, and then say
stuff like this.
> There's protecting the user against pasting malicious commands, and
> there's protecting the user from the results of an unfortunate typo. Even
> experienced users make stupid mistakes like this
> (http://www.justpasha.org/folk/rm.html)
Key words being "stupid mistakes." If you actually read that story, they
had a backup but they only did them once a week, and they didn't have
anyone on staff that knew how to recover from it. That isn't the rm
command's fault, it's the company/engineer's fault. Ubuntu doesn't need
to be built to prevent companies that hire uninformed engineers from
losing their data. You might as well let it refuse to power the computer
on because the user might have plugged it into an outlet with the wrong
voltage.
--
rm does not preserve root by default
https://bugs.launchpad.net/bugs/174283
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
