[BreachExchange] College student with 'visions of writing super-cool scripts' almost wipes out faculty's entire system

Destry Winant destry at riskbasedsecurity.com
Wed Mar 20 09:01:12 EDT 2019


https://www.theregister.co.uk/2019/03/18/who-me/

Who, Me? Monday has once more reared its ugly head, but brings with it
the charming face of Who, Me?, El Reg's weekly look at cringeworthy
events of readers' pasts.

This week, we meet "Ted", who tells us of a time many years ago when
he was at a local college taking a course in computing.

"At the time, we were one of the first to go through a new curriculum
that combined both hardware and software engineering," Ted said.

"The idea [was] that you could not only build a computer but program
it as well."

Well, fast-forward a couple of years and Ted the teenager thought he
knew everything – so he jumped at the chance to "help out" another
faculty with an upgrade to their Unix system.

"I had visions of writing all sorts of super-cool scripts and even
using this whole new language I'd been learning, called 'C', to write
applications," Ted said.

Instead, Ted just found himself moving user directories from one old
system to another new one.

"Needless to say this was a lengthy and boring process as I had to log
in to destination, remote into the source system from the destination
and execute a remote copy process," he said.

Moreover, this had to be done for every directory individually.

And so, after a few hours, Ted decided he was smart enough to automate
the whole thing.

"I wrote a snappy Bourne Shell script to do what was needed," he said.
"I tested the script, was happy with my work, and kicked it off."

A few minutes later and, as Ted put it, "the awful truth presented itself."

The system was not copying the user directories from source to
destination. It was instead copying the root of the destination into a
directory on the source and deleting all the files.

As it turned out, Ted hadn't looked where he was when he started the script.

"The source system's root was now empty. With the boot image missing
the entire system would be completely dead if they restarted it."

Ted spent the next few minutes panicking, before remembering that his
script also kept a list of the files it had copied, and the
permissions.

"I hurriedly copied everything back, one at a time, and reset the
permissions manually," Ted said.

He had just finished when the head of faculty appeared and asked him
how everything was going.

"He took one look at what was listed on the terminal window and nearly
passed out."

However, he quickly rallied and, rather than yelling at the hapless
teenager in front of him, he focused on the problem at hand.

Ted explained what had happened, how he had corrected it and the boss
agreed it all looked OK.

"I finished copying all the user data (the way I had been shown) and
we held our breath and rebooted the system I had so nearly destroyed.
Thankfully it started up properly and all was well."

After that, the head of faculty insisted Ted buy him a beer and then
let rip about just how idiotic he'd been to try that stunt in the
first place.

"I am fairly sure he still hasn't fully recovered," Ted concluded.


More information about the BreachExchange mailing list