Safe-rm - rm wapper which prevents stupid (Hopefully)

Hey there,
I just found this tool while searching for solutions to fool-proof rm on my system. Seeing that this distro is for linux newbies as well as advanced linux users, I would like to request this as package (Or garuda-assistant-tweak)
It could probably also help with "rm -Rf /" trolls (No I have not tried it myself yet, I don't want to risk losing all my files in case this does not work xD
I guess one of you could try that in a VM? It would take a bit too long to spin one up myself I suppose.
Thanks!

Edit: Safe-rm is in the aur, but uses the chonky 500 mb rust runtime, which I hate

1 Like

The link you posted is not set up correctly (it does not link to a page.

This is the thread for requesting new packages: Everything about packages

I fixed the link.

To save people time, it is a rm wrapper written in rust which doesn’t allow you run it on a bunch of directories. i.e. /, /usr, /etc, and so on.

4 Likes

I thought that thread was only for requesting packages for the chaotic-aur... I was already confused once about this

If you customise it to do so. By default it for some reason only protects /usr/lib/* - That's what the manpage sais at least

Are you sure you are reading that right? To me, that looks like an example, not a description of the defaults.

Here is what is in the code:

    "/bin",
    "/boot",
    "/dev",
    "/etc",
    "/home",
    "/initrd",
    "/lib",
    "/lib32",
    "/lib64",
    "/proc",
    "/root",
    "/sbin",
    "/sys",
    "/usr",
    "/usr/bin",
    "/usr/include",
    "/usr/lib",
    "/usr/local",
    "/usr/local/bin",
    "/usr/local/include",
    "/usr/local/sbin",
    "/usr/local/share",
    "/usr/sbin",
    "/usr/share",
    "/usr/src",
    "/var",

You know, we have a bundle of bash shortcuts already. If I'm reading this request right, why not link that command (with specific variables) to a much safer one? Even something instructive? I don't think a great amount of detail would be warranted.

Looks like all of the locations are already “protected” by being owned by root, so a normal user can’t just rm them.

The normal assumption is that if someone executes commands as root then they know what they are doing - they’re in charge of their own system.

I don’t see what this adds over standard practice of running as an unprivileged user. :thinking:

1 Like

@jonathon, ever practical. :smiley: Yeah, no sense straying too far from the herd.

1 Like

Perhaps on our BlackArch edition we should alias hack_tha_world to that. :rofl:

Might help weed out the script kiddies who imagine themselves Mr. Robot! :bomb:

Perhaps a fork bomb would be another good candidate for an alias. :stuck_out_tongue_winking_eye:

4 Likes

Oh welp, seems like I misread this: "If all of these are empty, a default list of important paths will be used. \n /usr/lib/* \n will protect..."

I have tried to alias rm="rm -i", but -i would somehow never trigger, but it seems like I was stupid and used the -f flag. Rookie mistake I guess

1 Like

To ensure protection is on at all times, you need to add "rm -Rf /" as a boot script to test it.

1 Like

I'll sit back and watch... ( opens beer )

1 Like

It's not just rookies that make major errors, trust me.

:wink: :rofl:

3 Likes

Was reading about it, someone at a company ran some scripts, and some of those scripts had rm, with an environment variable that was missing or '/', and before you knew it -- everything was gone.

That's what backups are for, but all his backups were mounted and flushed with it.

He was hosting data for lots of customers and was asking for advice online... people were like "sorry, find another job"

An attempt using the 949 kb bash runtime:

#!/bin/bash

_opts=1
declare -a _unsafe
for _arg in "$@"; do
  case "${_arg%/}" in
    --i-know-what-i-am-doing|--suicide|--seppuku|--aettestupa) (( $_opts )) && { shift; _selfharm=1; } ;;
  	-i|-I|--interactive*) (( $_opts )) && _i_set="$_arg" ;;
  	-r|-R|--recursive)    (( $_opts )) && _r_set="$_arg" ;;
  	-*) ;;
  	--) _opts=0 ;;
  	/|/bin|/boot|/dev|/etc|/home|/initrd|/lib|/lib32|/lib64|/proc|/root|/sbin|/sys|/usr|/usr/bin|/usr/include|/usr/lib|/usr/local|/usr/local/bin|/usr/local/include|/usr/local/sbin|/usr/local/share|/usr/sbin|/usr/share|/usr/src|/var)
  	    _opts=0 ; _unsafe+=("$_arg") ;;
	  *)  _opts=0 ;;
  esac
done

if [[ -n $_r_set && -z $_i_set && ${#_unsafe[@]} -gt 0 && ! $_selfharm -gt 0 ]]; then
  echo "careful with that axe -- unsafe recursive operation detected ($_r_set)"
  echo "cowardly refusing to wipe ${_unsafe[@]}"
  echo "please express your death wish explicitly if that's actually your intent"
else
  echo "/bin/the-real-rm $@"
fi

Beware, it’s more about humor than safety.
Probably slow. Almost surely buggy. Won’t save you from “rm /bin/*” anyways.
Configurable with your favorite text editor.


I’m surprised no one mentioned “you can’t fix stupid” – once I dodged the “rm -rf” bullet when I overlooked shell quoting issues in a script of mine, fortunately I just got a bunch of “no such file or directory” and half a heart attack.


edit: fixed shell quoting issue…

3 Likes

That’s @Bro 's line so we don’t impinge on his territory. :wink:

4 Likes

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.