Date: Sun, 14 May 1995 20:32:07 -0500 (CDT)
From: Peter da Silva <peter@bonkers.taronga.com>
To: jtk@kolvir.blrc.ma.us
Cc: seebs@solon.com, netbsd-bugs@netbsd.org, freebsd-hackers@FreeBSD.org
Subject: Re: kern/1043: unlink(2) should not let superuser remove directories
Message-ID: <199505150132.UAA23724@bonkers.taronga.com>
In-Reply-To: <199505141953.PAA04095@kolvir.blrc.ma.us> from "John Kohl" at May 14, 95 03:53:06 pm

> That's an argument for using fsdb, not to let root run rampant causing
> file system corruption. Using fsdb makes it absolutely clear that
> you're intentionally doing something dangerous. Using unlink(2) on
> directories is just the _Wrong Way_ to fix a damaged/broken filesystem!

If that's the only thing wrong with the file system, I'd rather use link
and unlink and clri and fsck than dive into fsdb... and I've been doing
this for fifteen years.

Fsdb will let you totally screw your filesystem to the point where you
have to reinstall faster than you can say Jack Robinson. Fsdb is a tool
of last resort, like using adb on a running kernel (which I've done too,
now that I think of it). Link and unlink take some effort to produce
that level of brokenness... because they work through the file system,
and won't *create* half-broken inodes if there aren't any there already.

In any case, I have real strong philosophical problems with removing the
ability of root to do *anything*... not just link and unlink directories.
Yes, we have symlinks now. Yes, you 99% of the time don't want to do that.
Yes, you can create inconsistent directory structures this way... but as
far as I'm concerned you might as well issue a patch that prevents you
from creating files and directories with control characters or shell
metacharacters in them.