You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The meta-balena-genericx86 layer specifies installation to several common block devices, including nvme0n1, sda, sdb, etc. that are present in many PCs. The flasher script currently does not require input or confirmation before wiping a disk and destroying all the data on it, nor does it allow users to specify or restrict the disks or machine it's to be installed on.
Even worse, downloading an image through the CLI gives no indication that it's a flasher image, or that booting it will wipe your disk without confirmation.
┌─[15:32:20]─[joseph@wash]
└──> ~ $ >> balena os download genericx86-64-ext -o balenaos.img
Getting device operating system for genericx86-64-ext
OS version not specified: using latest stable version
The image was downloaded successfully
┌─[✗]─[15:33:22]─[joseph@wash]
└──> ~ $ >> sudo mount $(sudo losetup -fP --show balenaos.img)p2 /mnt \
> && find /mnt 2>/dev/null -name resin-init-flasher.service
/mnt/etc/systemd/system/multi-user.target.wants/resin-init-flasher.service
/mnt/lib/systemd/system/resin-init-flasher.service
Consequently, a user attempting to write this image to a thumb drive to boot balenaOS externally, leaving all their data intact, would be in for a rude suprise as their disk is wiped. Anybody accidentally booting from this drive in the future (Is this my Arch installation media?) would also wipe their drive without warning or confirmation.
The text was updated successfully, but these errors were encountered:
The meta-balena-genericx86 layer specifies installation to several common block devices, including
nvme0n1,sda,sdb, etc. that are present in many PCs. The flasher script currently does not require input or confirmation before wiping a disk and destroying all the data on it, nor does it allow users to specify or restrict the disks or machine it's to be installed on.Even worse, downloading an image through the CLI gives no indication that it's a flasher image, or that booting it will wipe your disk without confirmation.
Consequently, a user attempting to write this image to a thumb drive to boot balenaOS externally, leaving all their data intact, would be in for a rude suprise as their disk is wiped. Anybody accidentally booting from this drive in the future (Is this my Arch installation media?) would also wipe their drive without warning or confirmation.
The text was updated successfully, but these errors were encountered: