Monday, October 10, 2011

Recovering From "rm -rf /"




Recovering From "rm -rf /"


A recent favorite blog offered a very nice introduction to the benefits of using ZFS as the root file system under Solaris.




This is every system administrator's worst nightmare, not to mention bad joke that gets giggles whenever such a mistake is suggested.


History


This condition is, perhaps, every operating system or application administrator's worst nightmare... the loss of a root or OS volume due to non-hardware, non-firmware, or non-OS caused related error.


Having seen an "rm" go out of control a number of years ago, due to a shell script which had an improperly initialized variable, this writer can say with a high degree of certainty that every time a shell script is written by a seasoned scripter, the paranoia from such a possibility will force consideration of whether this condition could EVER happen... often to the point of ensuring that there is no possiblity that an environment variable expansion could NEVER equate to "/" or even an entire user's home directory.


Benefits: Applications & Security


It is great to see first-class operating systems propose a solutions to a badly performed actions such as this... or just plain-old bad application patches. Sure, some utility writers will protect the "/" filesystem through hardcoded checks - but evil "rm -r" expansions can occur from "." and ".." and cause very similar kinds of damage.


Protecting root filesystems with ZFS offers a fast recoverable fallback. Protecting application filesystems with ZFS offers similar application level fallback. Protecting data with ZFS offers instantaneous (and virtually unlimited) backups, as well.


As a side note, this also provides a rollback mechanism for virus/worm infection, or intruder compromise, leaving Solaris with an incredibly important mechanism for security that is rivaled by few operating systems.


Conclusion


After reading multiple articles about the draconian methodology used by the U.S. military in dealing with PC rebuild times, due to not using freely available ZFS to roll back time on the desktops, one might think that using an operating system without such protections against viruses and worms is akin to a national security problem.

No comments:

Post a Comment