Date: Sat, 2 Oct 2004 15:02:29 -0400
From: David Schultz <das@FreeBSD.ORG>
To: "Jacques A. Vidrine" <nectar@FreeBSD.ORG>, Peter Jeremy <PeterJeremy@optushome.com.au>, Giorgos Keramidas <keramida@FreeBSD.ORG>, freebsd-hackers@FreeBSD.ORG
Subject: Re: Protection from the dreaded "rm -fr /"
Message-ID: <20041002190229.GB1029@VARK.MIT.EDU>
In-Reply-To: <20041002164607.GD90985@madman.celabo.org>
References: <20041002081928.GA21439@gothmog.gr> <20041002102918.W22102@fw.reifenberger.com> <20041002085143.GA52519@gothmog.gr> <20041002124349.GA21569@cirb503493.alcatel.com.au> <20041002164607.GD90985@madman.celabo.org>
On Sat, Oct 02, 2004, Jacques A. Vidrine wrote:
> FWIW, I'm not in favor of adding ad-hoc "features" to handle edge-cases.
> ("feature" because this is actually introducing a bug :-)
>
> I picked this email to which to respond, because I can share my own
> stupidity. Case much like the one described above, but my cronjob
> included something like:
>
> cd /path/to/directory/with/temporary/files
> rm -fr *
>
> Only another admin removed
> `/path/to/directory/with/temporary/files'... so the `cd' failed
> and left the current directory as `/'. For some reason the system
> crashed :-) ... and then crashed again a few days after restoring
> from backup... doh!
>
>
> Will the next step be to prevent `rm -fr *' iff the current working
> directory is '/' ? Please explain your answer. :-)

Hmm...good point. Since we can never hope to cover *all* the ways for
people to shoot themselves in the foot, let's just take off the existing
seatbelts. If people try to load old kernel modules, the system will just
crash. If they try to mount a device twice, it'll corrupt the filesystem.
And of course there's no need to validate buffers passed to the kernel
from root, much less even check their length.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041002190229.GB1029>
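The cron job quoted in the thread fails because `cd` and `rm -fr *` are two independent commands: when the `cd` fails, `rm` still runs in whatever working directory cron inherited, which is usually `/`. The following is an added example, not code from the thread or from FreeBSD, showing the same cleanup written so that `rm` cannot run unless the `cd` actually succeeded; the function name `clean_dir` and the checks are choices made here.

```shell
#!/bin/sh
# Added example: a cleanup job that removes the contents of one directory
# and removes nothing at all if that directory cannot be entered.

# clean_dir DIR: delete everything inside DIR (including dotfiles), keep DIR
# itself, and return non-zero without touching anything on any failure.
clean_dir() {
    dir=$1
    # An empty or unset variable would turn "$dir"/* into /* in the naive form.
    [ -n "$dir" ] || { echo "clean_dir: empty directory name" >&2; return 1; }
    [ -d "$dir" ] || { echo "clean_dir: $dir is not a directory" >&2; return 1; }
    # A subshell keeps the caller's cwd unchanged, and "|| exit 1" means a
    # failed cd terminates the subshell before rm is ever reached. This is the
    # fix for the quoted cron job: "cd X || exit 1" instead of a bare "cd X".
    (
        cd -- "$dir" || exit 1
        # Belt and braces: refuse to operate if we are somehow at the root.
        [ "$(pwd -P)" != / ] || { echo "clean_dir: refusing to run in /" >&2; exit 1; }
        # find lists only the direct children (dotfiles included); "--" stops a
        # file named "-rf" or similar from being parsed as an rm option.
        find . -mindepth 1 -maxdepth 1 -exec rm -rf -- {} +
    )
}
```

With `set -e` at the top of a script the bare `cd` would also abort the job, but the explicit `|| exit 1` does not depend on the shell's errexit behaviour, which varies between shells and inside compound commands.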