Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-4006

bin/impala-config.sh contains dangerous rm -rf statements, which can delete everything it has access to

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: Impala 2.2.4
    • Fix Version/s: Impala 2.8.0
    • Component/s: Infrastructure
    • Labels:
      None

      Description

      Today bin/impala-config.sh deleted my whole git clone, including unsubmitted code. The issue was reproducible, I attached logs of it.

      I inspected $IMPALA_HOME, which contained the correct path twice, separated by whitespace. The

      rm -rf ${IMPALA_HOME}/Testing
      

      line of the script got expanded to

      rm -rf ~/git/Impala-ASF ~/git/Impala-ASF/Testing
      

      and happily deleted my whole workspace. Had my home directory been mentioned there, it would have been purged as well.

      The reason why IMPALA_HOME contained the path twice is the following line of the script:

      export IMPALA_HOME="$(dirname "$(cd $(dirname "${BASH_SOURCE[0]}") && pwd)")"
      

      In this line, only pwd is supposed to print the name of the directory, but if the CDPATH environmental variable is set and contains ., then the cd command also prints it. Because of my CDPATH setting, the directory name ended up being printed twice.

      Solution:

      • Variable substitutions should be quoted properly (preferably everywhere, but at least in rm -rf commands).
      • The output of the cd command should be redirected to /dev/null

        Attachments

        1. rm-log-normal.txt
          26 kB
          Zoltan Ivanfi
        2. rm-log-set-x.txt
          211 kB
          Zoltan Ivanfi

          Activity

            People

            • Assignee:
              zi Zoltan Ivanfi
              Reporter:
              zi Zoltan Ivanfi
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: