
A quick example - RVM!

http://rvm.io suggests you run the command:

\curl -L https://get.rvm.io | bash -s stable

Which exhibits exactly the failure scenario outlined in the article; partway through the script RVM cleans up after itself by running "rm -rf ${rvm_src_path}"

Simply changing this to

"\curl -L https://get.rvm.io > /tmp/rvm.sh && bash /tmp/rvm.sh stable"

Would eliminate the potential for nasty failures, with a minimum of fuss.




Actually, just changing it to "wget -O - https://get.rvm.io | bash -s stable" would work fine.

Of course, doing it the way you describe creates a /tmp race condition, so there's that.

I'm also curious what you think a partial read of "rm -rf ${rvm_src_path}" might resolve to that would be dangerous.


But there's no / in that command, or any way for it to rm the wrong directory, unless I'm misunderstanding something.


You're right, I'm completely wrong - the worst thing that can happen here is that the whole RVM directory is removed. Hardly catastrophic, and definitely not the extreme failure case the article is talking about.


There's no guarantee where $rvm_src_path will point to.
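
The question raised in this thread, which truncated forms of `rm -rf ${rvm_src_path}` bash would still accept as a command, can be checked without executing anything. The script below is an added example, not part of any comment here or of RVM's installer; `runnable_prefixes` is a hypothetical helper name and `/opt/example/src` is a constructed path used only for contrast.

```bash
#!/bin/sh
# Added example. Nothing here is executed as a command: each candidate is
# only parsed with `bash -n`, fed on stdin without a trailing newline,
# which is how a download cut off mid-line reaches `curl ... | bash`.

# Print every proper prefix of LINE that bash parses as a complete command,
# i.e. what bash would run if the stream ended at that byte.
runnable_prefixes() {
    line=$1
    len=${#line}
    i=1
    while [ "$i" -lt "$len" ]; do
        prefix=$(printf '%s' "$line" | cut -c "1-$i")
        i=$((i + 1))
        # A prefix ending in a space is the same command as the shorter one.
        case $prefix in *' ') continue ;; esac
        if printf '%s' "$prefix" | bash -n 2>/dev/null; then
            printf '%s\n' "$prefix"
        fi
    done
}

echo "== line quoted in the thread =="
runnable_prefixes 'rm -rf ${rvm_src_path}'

echo "== constructed line with a literal path =="
runnable_prefixes 'rm -rf /opt/example/src'
```

For the line quoted in the thread, every cut inside `${...}` is a syntax error, so no surviving prefix names a path; the literal-path line has no such protection and each shorter path parses as a complete command.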



