From owner-freebsd-hackers@FreeBSD.ORG Sat Oct 2 19:02:14 2004
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 70EA216A4CE; Sat, 2 Oct 2004 19:02:14 +0000 (GMT)
Received: from VARK.MIT.EDU (VARK.MIT.EDU [18.95.3.179]) by mx1.FreeBSD.org (Postfix) with ESMTP id 25A6743D39; Sat, 2 Oct 2004 19:02:14 +0000 (GMT) (envelope-from das@FreeBSD.ORG)
Received: from VARK.MIT.EDU (localhost [127.0.0.1]) by VARK.MIT.EDU (8.13.1/8.12.10) with ESMTP id i92J2THQ001251; Sat, 2 Oct 2004 15:02:29 -0400 (EDT) (envelope-from das@FreeBSD.ORG)
Received: (from das@localhost) by VARK.MIT.EDU (8.13.1/8.12.10/Submit) id i92J2TJN001250; Sat, 2 Oct 2004 15:02:29 -0400 (EDT) (envelope-from das@FreeBSD.ORG)
Date: Sat, 2 Oct 2004 15:02:29 -0400
From: David Schultz
To: "Jacques A. Vidrine", Peter Jeremy, Giorgos Keramidas, freebsd-hackers@FreeBSD.ORG
Message-ID: <20041002190229.GB1029@VARK.MIT.EDU>
Mail-Followup-To: "Jacques A. Vidrine", Peter Jeremy, Giorgos Keramidas, freebsd-hackers@freebsd.org
References: <20041002081928.GA21439@gothmog.gr> <20041002102918.W22102@fw.reifenberger.com> <20041002085143.GA52519@gothmog.gr> <20041002124349.GA21569@cirb503493.alcatel.com.au> <20041002164607.GD90985@madman.celabo.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20041002164607.GD90985@madman.celabo.org>
Subject: Re: Protection from the dreaded "rm -fr /"
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
X-List-Received-Date: Sat, 02 Oct 2004 19:02:14 -0000

On Sat, Oct 02, 2004, Jacques A. Vidrine wrote:
> FWIW, I'm not in favor of adding ad-hoc "features" to handle edge-cases.
> ("feature" because this is actually introducing a bug :-)
>
> I picked this email to which to respond, because I can share my own
> stupidity. Case much like the one described above, but my cronjob
> included something like:
>
>     cd /path/to/directory/with/temporary/files
>     rm -fr *
>
> Only another admin removed
> `/path/to/directory/with/temporary/files'... so the `cd' failed
> and left the current directory as `/'. For some reason the system
> crashed :-) ... and then crashed again a few days after restoring
> from backup... doh!
>
>
> Will the next step be to prevent `rm -fr *' iff the current working
> directory is '/' ? Please explain your answer. :-)

Hmm...good point. Since we can never hope to cover *all* the ways for
people to shoot themselves in the foot, let's just take off the existing
seatbelts. If people try to load old kernel modules, the system will
just crash. If they try to mount a device twice, it'll corrupt the
filesystem. And of course there's no need to validate buffers passed to
the kernel from root, much less even check their length.
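The cronjob failure Jacques describes (a `cd` that fails, leaving `rm -fr *` to run in whatever the current directory happens to be, here `/`) is cheap to guard against inside the script itself, independently of any safety net in `rm`. The script below is an added example written for this archive page, not code from the thread or from FreeBSD; it assumes a POSIX sh, and the function name `clean_tmpdir` and the use of `find` instead of a bare `*` glob are choices made here, not anything the thread prescribes.

```shell
#!/bin/sh
# Added example (not from the thread): a cron cleanup that cannot silently
# fall back to operating on "/". Assumes POSIX sh; clean_tmpdir is a
# hypothetical name chosen for this example.
#
# Usage from cron:  clean_tmpdir /path/to/directory/with/temporary/files

clean_tmpdir() (
    # Parentheses run the body in a subshell, so the cd below never
    # changes the caller's working directory.
    dir=$1

    # Refuse an empty argument or "/" before touching anything.
    case "$dir" in
        ""|/) printf "refusing to clean '%s'\n" "$dir" >&2; exit 1 ;;
    esac

    # The original bug: an unchecked cd. A failed cd must abort the job,
    # not let the rm run wherever the shell happens to be.
    if ! cd -- "$dir"; then
        printf "cannot cd to '%s'; aborting cleanup\n" "$dir" >&2
        exit 1
    fi

    # Even after a successful cd, confirm the physical directory is not
    # the root (a symlink or bind mount could resolve there).
    if [ "$(pwd -P)" = "/" ]; then
        printf "'%s' resolves to /; aborting cleanup\n" "$dir" >&2
        exit 1
    fi

    # Remove only the direct children of the directory. "! -name . -prune"
    # is the POSIX idiom for depth-one entries; unlike "rm -fr *" it also
    # catches dotfiles, and "--" keeps names beginning with "-" from being
    # parsed as rm options.
    find . ! -name . -prune -exec rm -rf -- {} +
)

# When run as a script with one argument, clean that directory.
if [ "$#" -eq 1 ]; then
    clean_tmpdir "$1"
fi
```

The three checks are ordered so that the cheapest one (the literal `/` or empty argument) runs first, the `cd` failure that bit the cronjob above is caught second, and the physical-path check last; the exit status of `clean_tmpdir` is nonzero in every refusal case, so a cron wrapper using `set -e` or checking `$?` will notice.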