How A Steam Bug Deleted Someone’s Entire PC

Kevin Fang

19 Jan 202411:49

Summary

TLDRIn 2015, Linux Steam users reported that starting Steam recursively deleted all files owned by their user account. Investigating the Steam startup script revealed a bug where a variable returning the Steam root directory path instead returned nothing under certain conditions, causing 'rm -rf' to wipe system files. Though the exact sequence of user actions triggering this remains unclear, the bug was fixed by adding checks before deleting directories and preventing the script from continuing on failures.

Takeaways

😀 This is the first episode of a video series about interesting software issues
🤔 The Linux Steam client had a bug that caused it to delete a user's entire filesystem
😮 Running 'steam.sh' directly with bash caused STEAMROOT to be an empty string
🤨 This empty STEAMROOT variable triggered the 'reset_steam' function
😠 'reset_steam' dangerously used 'rm -rf' on STEAMROOT, deleting everything
😕 Multiple users experienced total data loss from this bug
🧐 The root cause was incorrect handling of the $0 variable in 'steam.sh'
🤔 There were debates about the best way to fix this dangerous bug
😊 Multiple improvements were made to 'steam.sh' to avoid deleting user data
✅ The Steam deletion bug has not resurfaced in many years and is considered fixed

Q & A

What caused Steam to delete user files on Linux?
-A bug in the Steam Linux client caused it to run 'rm -rf' on the root directory if the STEAMROOT variable was set to an empty string. This happened if steam.sh was run directly rather than through the steam binary.
How did the 'rm -rf' command end up targeting the root directory?
-The STEAMROOT variable contained an empty string instead of the path to the Steam directory. When substitution occurred in the 'rm -rf $STEAMROOT/*' command, it expanded to 'rm -rf /*', targeting the root directory.
What triggered the reset_steam() function that contained the 'rm -rf' command?
-The reset_steam() function runs if the INSTALLED_BOOTSTRAP variable is empty. This variable should be set by the STEAMEXE executable, but wasn't run since STEAMROOT was invalid.
How did running 'steam.sh' cause the STEAMROOT variable to be empty?
-When run directly, 'steam.sh' fails to get the proper $0 path variable, causing a cd command to fail and STEAMROOT assignment to output nothing.
Did Keyvin actually run the steam.sh script?
-It's unclear. Keyvin claimed he only ran the steam binary, but others speculate he may have run steam.sh and forgotten.
What was Keyvin trying to do prior to launching Steam?
-Keyvin was trying to move the Steam installation to another drive. He symlinked the original Steam folder to the new location.
How could the bug have been triggered by Keyvin's setup?
-If the symlink was created incorrectly or accidentally deleted, it could cause STEAMROOT path resolution to fail when starting Steam.
What were some of the proposed fixes for the bug?
-Using readlink/dirname for STEAMROOT, adding checks for valid paths, making steam.sh exit on failures, writing scripts in other languages, and removing use of rm -rf wildcard.
Has the deletion bug issue resurfaced since it was reported?
-No, the issue has not reappeared over the past 8+ years since it was originally reported and fixed.
What was the overall impact of this Steam bug?
-It caused total data loss for at least two Linux users. Beyond that, the impact seems to have been limited.