Text message:

cat 0 > /proc/features/stupid/most

Nor do I have anything constructive to say about this. However for some reason I find the whole situation extremely funny and have been chuckling about it for five minutes now. I can just see someone showing their new Android phone off to their friends, comparing it to their iPhone and Blackberry and having the phone randomly reboot or some other thing. Much hilarity and laughing at said Android owner would occur. Thank El Reg, now my co workers think I'm totally out to lunch.

rm -rf would be worse? At least -r on its own would ask you before it committed user assisted suicide... ;)

Larry: Hey what's that command again?

Moe: rm -rf /

Larry: thanks Moe , have you seen Curly?

Larry: Moe?

Larry : You there Moe?

Can anyone please explain how that bug might have been created? As a programmer, I am at a complete loss to understand how such an error would occur.

Unless they're reading all your messages. Which would explain the black helicopter.

No it's not: one techie sat in front of system, txts colleague for assistance... lots of potential for commands to be txted there! :-O

I'm a Linux developer and I can't even begin to imagine how they managed to create such a stupid bug.

Just tried it and yes, it rebooted.

Let's hope TMobile send the patch out asap..

that during my spell as a Hell desk engineer i quite often got text messages from users with problems who were traveling or were doing work on the weekend asking for some friendly out of hours support (as this was a best efforts deal only the CEO or CIO actually called unless it was life and death ) the rest mostly work mates would text me and hope i called or text back with an answer. this would often contain the words reboot and restart in typical help desk style.

thankfully those days are over and now i'm a systems engineer and my out of hours support is paid :-) but about 100 times harder :-(

What has "cancer" being in a T9 dictionary got to do with this story?

And what does a T9 dictionary have to do with a phone which has a full qwerty keyboard? Which doesn't lend itself to predictive text software at all?

>Of course, not many messages contain the word "reboot"

That one did, and so does this one. Perhaps we should call it the R-word in future to spare all those Android users. Oh, forgot, there aren't any...

Receiving an SMS from the NOC saying something along the lines of

"CRITICAL ALERT: REBOOT SERVER"

... and sending your G1 into an infinite loop!

Indeed.

That would be `sudo rm -rf /`, actually.

That makes me want to get a G1 even more. There must be loads of wacky bugs to find. Then its just a case of setting up a website for people to share their creative ways of bricking a gPhone. What fun to be had...

The bug was created by piping /dev/console, nothing to do with google's software it self but with the OS conf.

(To the tune of Camptown Races)

rm -rf *

Doo dah, doo dah,

rm -rf *

Doo, doo dah day!

I wonder... does it just happen on texts you type yourself, or can received texts also trigger the command sequence? :)

Mind you, such a silly "bug" would certainly cause a few days of fun for wannabe BOFHs volunteering to offer "support" to Android (l)users :)

Paris, because. (Oh come on, I'm sure you can think of plenty of excuses for warranting her presence on this thread!)

typing "Refund" doesn't have the desired effect.

<sarcasm>

Erm Cant you guys see that its a feature, and not a bug, I have an N800, and I know How difficult it is to open the terminal. Now thats what I call usability. I mean dude, you can type the commands from anywhere!! Even the guys @ Cupertino were not smart enough to implement this on the Jesus Phone. Pity they patched it now though.

</sarcasm>

But seriously, If this was on WinMo, everyone would go on ranting on how Microsoft's code is the "suxorz"

Funny how the I-used-to-be-an-IT-supporter types discuss the pros and cons of texting bewildered users "rm -r" and "rm -rf" messages like if it was daily routine...

Easy - they used a common interface to access underlying OS and text messages or maybe same UI with debug switch to disable OS access. The when release time came found it worked OK in debug but not release/ or pressure from boss to get out quick and 100 other things forgotten

of course you do need to assume they aren't the best coders/lack experience of this type of project - and all sorts of stupid things can happen

but look on the bright side - if all coders were good, it would be much harder for us that are to shine :-p

But it would be interesting to have a contest for it. I think the Register needs to be a bit more measured in their hyperbole. I like the style, but sometimes they go off the deep end.

Having said that, I'll admit that it was pretty egregious. The input buffer is executable by default? Weird.

Back to the original theme: They are even hyperbolic in their icons. I want to express disapproval, and the tombstone is sort of cute, but I'm not actually so steamed as to erase the bookmark.

...a major commercial radio group whose incoming text messaging system displayed incoming texts on a web page in the studio.

You guessed it already: it was possible to send html tages on which it would act, with hilarious consequences.. not least sending links to jpgs that would be displayed as inline images. Still it gave the DJs something to look at before playing another Coldplay record.

Paris F.O.R...

Hahahahahaha @ the early adopters.

Owned yet again.

Nice for when you want to stop messages from a spam service then? Genius...

Why does Google need code that parses your text messages in this way (beyond lifting out numbers in cases they are telephone numbers)? What is it looking for? Is it speaking back to mother? Will you now get a "personal web experience" when your Android account gets paired up with your Google search/mail/apps account?

Google - they are the new evil.

Reckon the G1's text message editor was coded by an alias for a Mr S Ballmer?

As the title says, at least it's only when you compose a text message. Imagine the fun you could have if you could just send a text to an Android phone with the word "reboot" in it.

I suppose not the daftest bug ever created. It's along similar lines to SQL injection bugs found on web servers. It does beg the question why the Android is parsing what is effectively a text entry field.

Makes my iPhone seem bug-free...

isn't the OS open source? if so, cant someone who understands such things look at the code & tell us why this 'feature' is in there?

As a programmer myself, I am at a loss to understand how this bug came to be. How in hell is their software structured?

So, you have a 'console' right, where you can type commands into the command line interpreter (CLI)?

The CLI parses your input against a known list of commands and executes the commands as it finds them.

Why would you ever (as the programmer) want to place the text of a received message through the CLI?

I can think of only one reason: It would give the network operator a facility to reconfigure your phone via SMS, like the 'network service' texts that one sometimes receives when roaming networks for example.

Damn. I think I've just answered my own question.

Oh dear. Nasty bug.

This would never have happened if the OS had been written in FORTH :-)

More information:

"It looks like there is a /system/bin/sh process running in the background with

/dev/console mapped to stdin. That has the effect that everything you type on your

keyboard is actually being executed as root in the background even though you don't

see the output."

http://code.google.com/p/connectbot/issues/detail?id=64

Which means everything you type is being executed, most of it returns "<command>: not found", but do not under any circumstances send a text message about anything computer related or it'll run with root privileges.

Ye Gods, give me Symbian or even Windows Mobile any day. Who in their right mind would use one of these shiny new devices from a latecomer like Google or Apple to access a network if they're going to get billed for it?

is this a bug? surely, in all seriousness, this is a feature. Why else would it execute commands from what should simply be a large-never-executed-block-of-text-to-be-sent-somewhere. Are you suggesting that the programmers *accidently* enabled command execution in a text box? Is that like when shoplifters *accidently* drop things into their pockets in shops ? :) "Sorry, Officer. These big pockets are a design flaw of the coat I'm wearing...and I'm clumsy"