[ZCM] [ZC] 1259/ 7 Resolve ""make uninstall" can delete system directories"

Wed May 12 14:06:03 EDT 2004

Issue #1259 Update (Resolve) ""make uninstall" can delete system directories"
 ** Security Related ** (Public)
 Status Resolved, Zope/bug critical
To followup, visit:
  http://zope.org/Collectors/Zope/1259

==============================================================
= Resolve - Entry #7 by ajung on May 12, 2004 2:06 pm

 Status: Pending => Resolved

target "uninstall" has been removed (2.7 branch, HEAD)..amen
________________________________________
= Comment - Entry #6 by Caseman on May 12, 2004 1:44 pm

+1 to remove this: YAGNI it's too difficult to get "right". I see no need for deprecation warnings in a make file.
________________________________________
= Comment - Entry #5 by ctheune on May 12, 2004 12:20 pm

+1 for removing uninstall. Maybe replace it with a deprecation message? Maybe not ... 
________________________________________
= Comment - Entry #4 by ajung on May 12, 2004 10:53 am

My suggestion is to remove the uninstall option since it is hard to fix. Any opinions on that?
________________________________________
= Unrestrict_pending - Entry #3 by tseaver on Apr 29, 2004 2:05 pm

Not a security hole.
________________________________________
= Comment - Entry #2 by ajung on Mar 23, 2004 6:56 am

The logical consequences are either to remove the uninstall target or to disallow the installation of Zope into
directories that already contain files.
________________________________________
= Request - Entry #1 by Anonymous User on Mar 16, 2004 6:29 am

The following commonly used sequence is able to destroy your system quite fast:

# ./configure --prefix=/usr
# make
# make uninstall

After "make uninstall" the makefile script starts deleting /usr, since it simply executes 

uninstall:
        ${RMRF} "${PREFIX}"

which results in "rm -rf /usr".
==============================================================