For a long time I have considered using different user accounts to perform different mutually exclusive tasks. For instance, one user to play games, one user to do critical work, one user for media consumption. This would limit catastrophic failures of this sort.
I have been too lazy to do so.
Maybe this will scare me into doing it.

Wouldn't not touching the thing be a safer option right now than uninstalling it, because the latter may give the script one more chance to do its magic?

Unless you planned to remove its directories by hand, but then again - if I understood correctly - messing with the internals in such a manner is pretty much the only scenario that can lead to this particular disaster in the first place. So, huh, tread carefully.

I've commented the problematic command in the script for now. If I decide to uninstall, I would delete the files in my user directory manually, and uninstall the package normally.

But it happened once, who tells me there are not more problematic scripts? Would you trust all the scripts the package installs? (not only in your home directory) Actually steam only provides insecurity for me.

Well, no. I don't trust it and it gives me more heebie jeebies than ever. Perhaps this is a good time to get off my ass and think of ways to restrict it more.

How about an entire separate X on its own virtual terminal that just runs Steam as its own unprivileged user account? Apart from preventing it from accidentally deleting your files, it might also help to prevent it from 'accidentally' taking screenshots with unrelated things on them, sending my unpublished masterpiece to be reviewed by Valve, grading the spelling on my email, and perhaps even from snooping on my keyboard while I'm typing passwords to other things.

I'm not saying it does any of these things, but I'd feel a lot more comfortable if there was at least something in place to prevent it.

# Scary!

edit:
Meant playfully, of course.

So...
...
PoR: Ruins of Myth Drannor confirmed?
...

;p

Just curious, from a legal point of view, what are your chances if you decide to sue Valve for damages over this?

None, You (at least the person that bought it) signed a deal. It will almost certainly have indemnified the company.

They could also have avoided this problem had they used permissions appropriately. Making the steam directory be owned by the Steam group and adding the user to the steam group would prevent this sort of thing from happening without causing the directory to require root to delete.

They could still accidentally delete things that are owned by steam:steam or are writable by anybody, but that's not really their problem in most cases. Most things aren't world writable unless they're without value.

It astonishes me a bit how a company with the money that Valve has can't be arsed to learn the basics of permissions.
I think the agreement probably limits you to getting your money back as software companies never accept any meaningful liability for their software.

Ouch. I hate shell programming. But the "rm -rf" part should have set off an alert in the developer's head, and that he better be damn sure what the deletion location is. You can be sure that Steam does not have a review process in place for their development because I find hard to believe that two people could miss such an obvious potential problem.

Someone spam it to all the news sites quick...

I think that's the problem, it wiped out his home directory and the backup drive that he had mounted in there as well.

Mmm when there's a really broad pattern rm actually insists you confirm your deletions.. of course -f forces it blindly when you say you know what you're doing...

In this case let's hope he had a secondary drive with backups...

Don't get me wrong, they should still have confirmed the path name before doing the rm -rf, but for most people they're not going to lose that much data, even if they don't have back ups.

I forget who said it, but I think it's apropos, you can make something fool proof, but you can't make it damn fool proof. In this case,t his is something that a competent script writer should have seen coming and done something about.