[olug] sudo vs root differences: Botched npm Update Crashes Linux Systems, Forces Users to Reinstall

Lou Duchez lou at paprikash.com
Thu Feb 22 22:49:00 CST 2018


And here I was thinking I was a mook for always su-ing up to root, 
rather than sudo-ing.

I'm going to pull a guess out of my backside.  The code is trying to 
recursively chown the installation directory, except somebody screwed up 
and coded it as "/" rather than ".".  And compounding the problem is 
that the chowning is based on the actual user rather than whom the user 
is sudo'd up to.  I would guess that whoever was testing this didn't 
notice the problem because either they were running as true root -- 
which could cause mysterious side effects that you might not even notice 
for a while -- or they were able to run npm as a lower-priority user, in 
which case it wouldn't have changed much so it's unlikely they would 
have noticed at all.


> Interesting in that the following problem affects users who use sudo, but
> not root itself.  I could see ENV variable differences having an effect on
> program logic.
>
> I would love to delve into this right now but VisualBasic6 software won't
> let me.  Oh, the troubles I have seen.
>
>
> Botched npm Update Crashes Linux Systems, Forces Users to Reinstall
> https://www.bleepingcomputer.com/news/linux/botched-npm-update-crashes-linux-systems-forces-users-to-reinstall/
>
>
> p.s.  Would also like to have an angle on this to convince others that all
> JavaScript in my browser must be EV level digitally signed.
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://www.olug.org/mailman/listinfo/olug
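
An added example, not part of the original post and not npm's code, of the failure mode guessed at in the message above: a recursive chown should refuse a target such as "/" that falls outside the install directory, and under sudo the owner it would apply comes from SUDO_UID/SUDO_GID rather than the effective uid. The function names, the install path and the uid are assumptions made for illustration.

```javascript
// Added illustration; chownPlan/invokingOwner are hypothetical names, not npm code.
const path = require("path");

// Which owner a "fix ownership" step would apply. Under sudo the effective
// uid is 0 while SUDO_UID/SUDO_GID name the invoking user; a real root
// login (su -) has no such variables, so files simply stay root-owned.
function invokingOwner(env, euid, egid) {
  const uid = Number.parseInt(env.SUDO_UID, 10);
  const gid = Number.parseInt(env.SUDO_GID, 10);
  if (euid === 0 && Number.isInteger(uid) && Number.isInteger(gid)) {
    return { uid, gid, viaSudo: true };
  }
  return { uid: euid, gid: egid, viaSudo: false };
}

// Resolve the chown target and refuse anything that is the filesystem
// root or lies outside installDir, before any recursive walk starts.
function chownPlan(installDir, target, env, euid, egid) {
  const base = path.resolve(installDir);
  const dir = path.resolve(base, target);
  const rel = path.relative(base, dir);
  const outside = rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel);
  if (outside || dir === path.parse(dir).root) {
    return { ok: false, reason: `refusing recursive chown of ${dir}` };
  }
  return { ok: true, dir, owner: invokingOwner(env, euid, egid) };
}

// Constructed sample values (install path and uid are made up).
const sampleDir = "/usr/local/lib/node_modules/npm";
const sampleSudoEnv = { SUDO_UID: "1000", SUDO_GID: "1000" };
for (const [target, env] of [[".", sampleSudoEnv], ["/", sampleSudoEnv], [".", {}]]) {
  console.log(target, JSON.stringify(chownPlan(sampleDir, target, env, 0, 0)));
}
```

The second sample row is the "/" instead of "." case: the plan is rejected before any file is touched, whereas the third row (true root, no SUDO_UID) would leave everything owned by uid 0.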

