Bug #4115

open

FaceManager doesn't reject attempts to destroy "reserved" faces

Added by Davide Pesavento almost 7 years ago. Updated about 6 years ago.

Status: New
Priority: Low
Assignee: -
Category: Management
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Actions #1

Updated by Junxiao Shi almost 7 years ago

faces/destroy is a privileged operation. The management authenticator logs a warning if privileges are not properly configured. Therefore, this bug is akin to "rm does not reject attempts to rm -rf /*".

Actions #2

Updated by Davide Pesavento almost 7 years ago

Junxiao Shi wrote:

> faces/destroy is a privileged operation.

How is that relevant? And even then, I'm sure 99% of the users run with the default permissions, i.e. everything is authorized.

> The management authenticator logs a warning if privileges are not properly configured.

...which nobody cares about.

> Therefore, this bug is akin to "rm does not reject attempts to rm -rf /*".

rm(1) has a --preserve-root option, enabled by default.

In any case, I don't agree with the comparison. I'd say this bug is more similar to shutting down all netlink sockets and preventing the creation of new ones, which is much harder to do (I don't think it's even possible on standard kernels), and definitely cannot be done by accident, e.g. by mistyping a command.

Actions #3

Updated by Junxiao Shi almost 7 years ago

> I'm sure 99% of the users run with the default permissions, i.e. everything is authorized.

Yes, even the routers. Combined with misconfigured WebSockets proxy (#3402-5), I can attack a router easily.
I'd put up a blog post about securing NFD command authentication sometime, but that's out of scope of this issue.

> > The management authenticator logs a warning if privileges are not properly configured.
>
> ...which nobody cares about.

The operator SHOULD care about WARNINGs and ERRORs.

> > Therefore, this bug is akin to "rm does not reject attempts to rm -rf /*".
>
> rm(1) has a --preserve-root option, enabled by default.

--preserve-root only saves you from rm -rf /. It doesn't save you from rm -rf /*.

Actions #4

Updated by Davide Pesavento almost 7 years ago

Junxiao Shi wrote:

> --preserve-root only saves you from rm -rf /. It doesn't save you from rm -rf /*.

Of course, because /* is expanded by the shell into /bin, /etc, /usr, etc... so the rm command never actually sees /* in the argument list.
I'm not sure I understand your point here...

Actions #5

Updated by Davide Pesavento about 6 years ago

  • Priority changed from Normal to Low
  • Target version deleted (v0.6)