Do not run this script, ever!

News & Discussion related to Computers, electronics and Science.
Istik
Machinating Paranoiac
Machinating Paranoiac
Posts:3401
Joined:Wed Nov 21, 2007 3:33 am
Location:Tasmania
Contact:
Do not run this script, ever!

Unread post by Istik » Tue Jan 29, 2008 11:07 am

http://thedailywtf.com/Articles/Do-not- ... ever!.aspx

I worked in a fairly large department that used a spreadsheet as the bug-submission-tracking "system". Naturally, the person who assigned the work kept it open at all time, making it impossible for anyone to actually open it to enter a new bug.

Part of my job was to evaluate new technologies to see if they could be of use in our department. This time around, it was ColdFusion.

I installed and played with it a while, and decided that the best way to get a feel for it was to build a throw-away system that actually did something of substance. Having been inflicted with the daily arguments about who left the bug-spreadsheet open, I decided that I'd build a bug-tracking system. At least it was something to focus on.

I quickly threw something together and, next thing you know, my boss said we should use my system for real. Of course, there were no passwords, everything was passed in clear-text, etc., but it was only for our department, and nobody would abuse it.

The thing actually worked fairly well. I started the bug tracking numbers at 300, so that they could prime it with the bugs from the spreadsheet. Over the next year, the users feature-creeped the thing into a fairly useful utility.

Then it was my time to move on to another project. I trained the newbie they hired on how it worked, what made it tick under the hood, the database, all its tables, etc. Even the script that [re]created the database from scratch. After all, you always do these things in a script, right?

It was a ksh script that looked something like this:

#!/bin/ksh
echo "DO NOT EVER RUN THIS SCRIPT - IT DESTROYS, THEN RE-CREATES THE DATABASE"
exit 1
drop table ...
create table ...
...
# prime the database
insert into table values (...This particular script was also read-only, just to make sure that it was never run after people started using the system.

About a week later, everyone was running around, wondering, why are all the menus truncated? Where are all the bug reports? Wha.....

My boss asked me to look at it. It took me one second to find the problem: the bug numbers for newly entered bugs were coming out at 305, 306, 307, etc. Between that, and the fact that all the menus had been reduced to their original default values, it seemed that the database had been recreated.

We went to the newbie to see what had happened. He explained that he wanted to see what the database-creation script did, so he ran it. When I asked how he was able to execute a read-only script, he replied that he made it executable.

I asked what he thought when the script printed "DO NOT EVER RUN THIS SCRIPT" and exited without doing anything. The newbie said he saw that, but really wanted to see what it did, so he commented out the "exit 1" and ran it again. Then, when the users started complaining, he kept re-running the script to try and fix the problem.

We rolled back to the last checkpoint, and re-entered the few missing bugs by hand. Thankfully, I had programmed it to dump stuff to log files.


Doesnt surprise me at all.
Image

Post Reply