Date: Sat, 2 Oct 2004 22:43:49 +1000
From: Peter Jeremy
To: Giorgos Keramidas
cc: freebsd-hackers@freebsd.org
Subject: Re: Protection from the dreaded "rm -fr /"
Message-ID: <20041002124349.GA21569@cirb503493.alcatel.com.au>
In-Reply-To: <20041002085143.GA52519@gothmog.gr>
References: <20041002081928.GA21439@gothmog.gr> <20041002102918.W22102@fw.reifenberger.com> <20041002085143.GA52519@gothmog.gr>
List-Id: Technical Discussions relating to FreeBSD

On Sat, 2004-Oct-02 11:51:43 +0300, Giorgos Keramidas wrote:
>The reason I liked this idea is that root has zillions of other ways to
>destroy an entire system, but not many of them are likely to be the
>result of mistyping a single character as shown below:
>
>	# rm -fr / home/someuser/*

I've had a customer write a cronjob that did almost exactly this.  He
managed to 'test' it on all the (redundant) production systems as well
as the test model.  We were only called in when he found that there were
some unexpected console messages and the systems wouldn't boot when he
pressed the reset button.  Luckily it managed to kill itself before it
destroyed all the evidence (since the culprit initially denied doing
anything).

Based on that, I'm definitely in favour of some anti-foot-shooting
measures.  I don't think it should fail quietly: If I ask the computer
to do something (stupid or not), it should either do it or tell me that
it hasn't done it.  Failing to do what I ask and not telling me means
that I can't trust the computer - I have to double-check that the files
I wanted to delete have actually gone away.

-- 
Peter Jeremy
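One shape such an anti-foot-shooting measure could take, written as an added example for this thread rather than code from any of its participants or from FreeBSD: a wrapper that checks rm's argument list and refuses loudly (message on stderr, non-zero exit) instead of quietly when a recursive removal names the filesystem root, the failure the mistyped "rm -fr / home/someuser/*" above produces. The function names, the lexical-only root test and the exit status 2 are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): refuse, with an error message and a
# non-zero status, to recursively remove the filesystem root. The names
# is_root_operand, check_rm_args and safe_rm and exit status 2 are assumed.

# Lexical test: does the operand name the root directory?  Accepts "/",
# "//", "/.", "/./" and similar; symlinks and ".." are NOT resolved.
is_root_operand() {
    op=$1
    while :; do
        case $op in
            */.)  op=${op%.} ;;   # "/."  -> "/"
            ?*/)  op=${op%/} ;;   # "//"  -> "/", "/x/" -> "/x"
            *)    break ;;
        esac
    done
    [ "$op" = / ]
}

# Scan rm's argument list; return 2 (and say why on stderr) when a recursive
# removal names the root, 0 otherwise.  Options and operands may be
# interleaved, so the decision is only made after the whole list is seen.
check_rm_args() {
    recursive=0 end_of_opts=0 bad=
    for arg; do
        if [ "$end_of_opts" -eq 0 ]; then
            case $arg in
                --)          end_of_opts=1; continue ;;
                --recursive) recursive=1;   continue ;;
                --*)         continue ;;                # other long option
                -*[rR]*)     recursive=1;   continue ;; # -r, -R, -fr, -rf
                -?*)         continue ;;                # other short options
            esac
        fi
        if [ -z "$bad" ] && is_root_operand "$arg"; then
            bad=$arg
        fi
    done
    if [ "$recursive" -eq 1 ] && [ -n "$bad" ]; then
        echo "rm: refusing recursive removal of '$bad' (filesystem root)" >&2
        return 2
    fi
    return 0
}

# Drop-in replacement: run the real rm only when the check passes.
safe_rm() {
    check_rm_args "$@" || return $?
    command rm "$@"
}
```

A non-recursive "rm -f /" is left alone because rm itself already reports that it is a directory; the wrapper only intervenes where rm would otherwise proceed.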