How A Steam Bug Deleted Someone’s Entire PC

A deeper look into a steam-for-linux GitHub issue (https://github.com/valvesoftware/steam-for-linux/issues/3671) investigating how a steam script was able to delete the entire contents of someone's root directory. While the direct cause of the rm -rf is fairly obvious, how it was triggered in the original bug report is not, and may forever remain a mystery... Sources: https://www.opensuse-forum.de/thread/10620-suse-ist-leer/?postID=70749 (buggy copy of steam.sh posted by "Acies") https://wiki.archlinux.org/title/steam Chapters: 0:00 Intro 0:26 Steam on Linux 1:40 The Bug 2:58 STEAMROOT 6:04 reset_steam() 8:11 Valve theory 9:21 My "theory" 10:34 Fix Corrections: - At 0:56 the descriptions for /bin and /usr/bin are historically correct, but on modern Linux distributions (e.g. beginning in Ubuntu 19.04), /bin is replaced with a symlink to /usr/bin (in a transition called "merged /usr" or "/usr merge") so both contain the same contents. Music: - We Shop Song by Philip Milman - Blue Mood by Robert Munzinger - Aloft by LEMMiNO (https://www.youtube.com/watch?v=XNEKdkB_kdc) - Firecracker by LEMMiNO (https://www.youtube.com/watch?v=ulfoU2MziOc) - Cool Vibes by Kevin MacLeod - Financial Obligations by Philip Milman