Date: Mon, 30 Oct 2006 21:20:31 +0100
From: "Simon L. Nielsen"
To: Peter Jeremy
Cc: freebsd-hackers@freebsd.org, perryh@pluto.rain.com
Subject: Re: [patch] rm can have undesired side-effects
Message-ID: <20061030202030.GB1043@zaphod.nitro.dk>
In-Reply-To: <20061030103151.GD871@turion.vk2pj.dyndns.org>

On 2006.10.30 21:31:51 +1100, Peter Jeremy wrote:

> On Mon, 2006-Oct-30 19:38:49 +1100, Peter Jeremy wrote:
> >the user is unaware that there are multiple links.  I don't think
> >that just unlinking the file and issuing a warning is a good solution
> >because it's then virtually impossible to locate the other copy(s)
> >of the file, which remains viewable.
>
> I missed the fact that the warning message includes the inode number.
> My apologies.  This reduces "virtually impossible" to "hard".
>
> I still think this current behaviour is undesirable and a security
> hole.  Maybe someone from the SO team would like to offer their
> opinion - I might just have my tinfoil hat on too tight tonight.

Personally I think rm should do what you ask it to do - if you ask it
to overwrite a file which has multiple links, well... tough luck.  I
guess rm exiting for antifootshoot without -f can be OK, that's still
very visible to the user.

What's currently in -CURRENT is probably a bad idea since you might
end up with a file which you thought you had deleted, but in fact you
haven't.

That said, I wouldn't trust -P to _really_ remove the content of the
files anyway, so personally I don't really care much.  If you want the
file to be gone, use encryption in the first place, or use an
appropriate tool (hammer, axe, C4, etc.).

-- 
Simon L. Nielsen
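
The multiple-link situation discussed in this thread, as an added example that is not part of the original message or of FreeBSD's rm: a POSIX shell check that reads a file's link count and, when it is greater than one, lists every name under a search root that refers to the same inode. The function names and the search-root argument are assumptions of this example.

```shell
#!/bin/sh
# Added illustration; helper names are hypothetical, not taken from rm(1).
# Intended use: check_before_overwrite FILE ROOT, then decide whether to
# overwrite or remove FILE.

# nlink FILE: hard-link count (second field of POSIX "ls -l" output).
nlink() { ls -ldn -- "$1" | awk '{ print $2 }'; }

# inode FILE: inode number (first field of "ls -i" output).
inode() { ls -di -- "$1" | awk '{ print $1 }'; }

# all_links FILE ROOT: every path under ROOT that names FILE's inode.
# Inode numbers are unique only within one filesystem, so -xdev keeps find
# on ROOT's filesystem; ROOT is assumed to be on the same filesystem as FILE.
all_links() {
    find "$2" -xdev -inum "$(inode "$1")" -print 2>/dev/null | sort
}

# check_before_overwrite FILE ROOT
#   returns 0 if FILE is the only name for its data,
#   returns 1 (and reports the names found under ROOT) if other links exist,
#   returns 2 if FILE cannot be examined.
check_before_overwrite() {
    n=$(nlink "$1") || return 2
    [ -n "$n" ] || return 2
    [ "$n" -eq 1 ] && return 0
    echo "$1: inode $(inode "$1") has $n links; names found under $2:" >&2
    all_links "$1" "$2" >&2
    return 1
}
```

Removing one name of a multiply linked file leaves the data readable through the remaining names, which is why the check lists them before anything is removed.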