iTunes 2.0: an analysis of what went wrong

We think there is a lesson to be learned from looking at how the package installer for the original release of iTunes 2 erased user's volumes. It illustrates the power of UNIX and its ability to cause havoc with the slightest error, a point we have raised previously. Ernst Mulder sent us this explanation:

"The installer tries to erase a previous version of iTunes using (with root privileges) the rm -rf command. However it doesn't take into account that volume names can contain spaces.

Worst case, when a volume name starts with a space character, the installer will remove the contents of /Volumes which is a directory containing all 'mount points' e.g. All mounted disks (apart from the boot disk) and mounted servers and such.

This is quite a severe bug, the 'rm -rf' command parameters should have been enclosed in quotes, which would have prevented this erasure.

This really is a beginners error, the rm -rf command (especially under root privileges) is such that extreme care is in order when issuing this command.

Here is a look at the relevant look at script in question:

#!/bin/sh

# if iTunes application currently exists, delete it
if [ -e $2Applications/iTunes.app ] ; then
rm -rf $2Applications/iTunes.app 2> /dev/null
fi

exit 0

When the diskname (partition name) starts with a space the following happens:

rm -rf /Volumes/ harddiskname/iTunes.app 2> /dev/null

So rm removes /Volumes (all mount points!) and a nonexistent path harddiskname/iTunes.app but no errors are displayed because they are /dev/nulled."

One aspect that still puzzles us is why the installer was set to attempt to remove the previous version of iTunes at all. In the Read Me files of both 2.0 and 2.0.1, the installation instructions told the user to remove any older versions of iTunes before running the installer. (Thanks also to Andrew Welch of Ambrosia Software.)