Linux malware bricks computers

edited February 2016 in Software
This article (which I found linked to on some Linux forum) shows how systemd can intentionally brick an otherwise functional computer.

http://thenextweb.com/insider/2016/02/01/running-a-single-delete-command-can-permanently-brick-laptops-from-inside-linux/

Comments

  • I see no mention of malware in that article. The user simply ran rm -rf --no-preserve-root / which deleted some EFI files the computer needed to boot.

    While malware certainly could run that command or even target that directory specifically, the article didn't mention it. So where did you get "malware" from?

    Also, on the subject, why the hell is this even possible? I mean it's never really a good idea to rm -rf / your system, but usually it only hoses the OS and maybe some mounted drives if you forgot to dismount them first. It should never be able to brick the firmware.
  • It's not systemd - it's the fact you have your EFI variables partition mounted r/w. The real problem is 1) shit firmware that breaks if you remove variables and 2) mounting it r/w when not needed.
  • BlueSun wrote:
    I see no mention of malware in that article. The user simply ran rm -rf --no-preserve-root / which deleted some EFI files the computer needed to boot.

    While malware certainly could run that command or even target that directory specifically, the article didn't mention it. So where did you get "malware" from?

    The malware I'm referring to is systemd. It's been obvious for a long time that this software is clearly designed to cause damage.
  • 1. It's not malware.
    2. Nothing to do with systemd whatsoever (which also isn't malware).
    3. "rm -rf --no-preserve-root /" is a pretty dumb method of just wiping out an install. It's faster to mkfs.
    4. The laptop wasn't bricked, this bozo just didn't know how to boot from a USB or DVD to install a new OS.
  • edited February 2016
    viewtopic.php?f=10&t=8057
    ampharos wrote:
    Stop talking like it's Slashdot circa 2003.
  • dosbox wrote:
    This article (which I found linked to on some Linux forum) shows how systemd can intentionally brick an otherwise functional computer.

    http://thenextweb.com/insider/2016/02/01/running-a-single-delete-command-can-permanently-brick-laptops-from-inside-linux/

    You clearly don't understand what's ongoing there so can you please refrain from being all fanboy when you don't understand the full implications of what's ongoing or you're going to find your VIP status revoked because it's not VIP material.

    A) yeah it requires an explicit rm -rf --no-preserve-root / to work. So if you're dumb enough to run that, you probably deserve to have your system bricked.

    B) The efivarfs is common across any Linux system that is booted with EFI and has the support compiled into the kernel. It will be present if you boot via EFI no matter if upstart, sysvinit, openrc or systemd is used. There are a lot of reasons to hate systemd, this is not one of them, and nothing about systemd would be considered 'malware'. Poettering's design is shitty, but there's nothing intentionally malicious in it.

    C) Systems compliant with UEFI standards will not be bricked from this. The delete is effectively removing some non-critical data and unsetting some variables in your firmware. A compliant system would reboot as it would fresh from the factory after removing its efivarfs. This primarily affects some old MSI laptops and a few others with the same non-compliant EFI firmware.
  • I would have to agree with stitch. Ran this inside a Jessie VM set for efi.
    System rebooted as expected, threw off gibberish, and seconds later attempted a standard PXE lan boot.

    If you're idiotic enough to try this on metal, you deserve what you get. It's 100% user avoidable.
    Sure, systemd is horrendous. However, its quirks can largely be avoided if you just don't fuck up where you shouldn't be and know what you're doing.
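
Added example, not part of the thread: a shell check for the condition the comments above identify as the real problem, efivarfs mounted read-write. It parses a mounts table in /proc/self/mounts format; the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Report every efivarfs mount and whether it is writable.
# Input format is that of /proc/self/mounts:
#   device  mount-point  fstype  options  dump  pass

efivarfs_mounts() {
    # $1: path to a mounts table, or "-" for stdin; defaults to the live table.
    awk '$3 == "efivarfs" {
        n = split($4, opts, ",")
        mode = "unknown"
        for (i = 1; i <= n; i++) {
            if (opts[i] == "rw") mode = "rw"
            if (opts[i] == "ro") mode = "ro"
        }
        print $2, mode
    }' "${1:-/proc/self/mounts}"
}

efivarfs_writable() {
    # Exit status 0 if at least one efivarfs mount is read-write.
    efivarfs_mounts "$1" | grep -q ' rw$'
}

sample_mounts() {
    # Constructed sample table: the usual mount plus a read-only copy in a chroot.
    cat <<'EOF'
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
efivarfs /sys/firmware/efi/efivars efivarfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda2 / ext4 rw,relatime 0 0
efivarfs /mnt/chroot/sys/firmware/efi/efivars efivarfs ro,nosuid,nodev,noexec,relatime 0 0
EOF
}

# Demo on the constructed sample. Call efivarfs_mounts with no argument
# to inspect the running system instead.
sample_mounts | efivarfs_mounts -
if sample_mounts | efivarfs_writable -; then
    echo "efivarfs is writable on at least one mount point"
fi
```

Every mount point has to be checked, not just /sys/firmware/efi/efivars, because a recursive delete follows whichever path the filesystem is visible under.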