This site is now archived

rm my Mac was online for one month, between February 22nd and March 22nd 2006.
The hostname now points elsewhere and the mini has been reinstalled.
Thanks for wasting your time on it.
An archive of the site, including config files and databases for Apache, MySQL and LDAP, is available here.
Static versions of the pages right before the original site was taken down are available below.

• rm -rf /
• rm -rf /FAQ
• rm -rf /SSH
• rm -rf /Contact
• rm -rf /Logs
• rm -rf /Notes
• rm -rf /Idiots
• Poll results (What celebrity would you like to see get rm'd?)

"Zeroday can happen to anyone"

Raven Alder admits to getting her Mac owned during Shmoocon.
More info in this The Register article.

Lessions learned

• Ironically, creating /tmp/1/1/1/1/1 (...) will prevent /bin/rm from rm -rf'ing the directory (too many open files). A special program which does while(chdir("1")==0); do { chdir(".."); } while(unlink("1")); is required.
• perl -n /dev/zero (courtesy of Jeff Uphoff, posted March'95) will bring down the OS to it knees, making it completely unusable.
• Don't put arbitrary users' homedirectories on the root partition.
• /etc/hosts.deny quickly gets lots of entries while filtering out users doing the things above.
• Mac OS X still has a bunch of fundamental security vulnerabilities.
• Apache 2.2.0 freaks out at random (probably not, but I didn't bother looking into it) on Tiger and starts consuming 100% CPU. Recent 2.0 releases work fine.
• The apple-user-homequota attribute is only respected when the homedirectory is mounted over AFP (thanks J).
• To be able to activate quota you need to create /.quota.ops.{user,group}
• The anonymous security professional who had her Powerbook turned into a warez site during Shmoocon was Raven Adler.
• Writing code drunk results in incorrect usage of htonl()/ntohl().
• Apple's package of OpenSSH is tricky to recompile.
• Replaying SSH sessions piped to /usr/bin/say while listening to demo scene music is fun and pleasant.
• Most people attracted by this site didn't seem to know much about Mac OS X.
• The hackers attracted to this site were more interested in fame than in good old rm'ing.
• I seem to get bored just about once a month.

-- rm-my-Mac [at] WIDEOPENBSD.ORG