Date: Sun, 29 Oct 2006 18:11:54 -0800
From: perryh@pluto.rain.com
To: elessar@bsdforen.de
Cc: freebsd-hackers@freebsd.org
Subject: Re: [patch] rm can have undesired side-effects
Message-ID: <45455f6a.yNcc0kkyEKpoRv3m%perryh@pluto.rain.com>
In-Reply-To: <20061030003628.42bc5f8d@loki.starkstrom.lan>
References: <20061029222847.GA68272@marvin.astase.com> <20061030003628.42bc5f8d@loki.starkstrom.lan>

> ... deleted files are lost.

Not if another hard link exists!

I think a very strong case can be made that the *intent* of -P -- to prevent retrieval of the contents by reading the filesystem's free space -- implies that it should affect only the "real" removal of the file, when its blocks are released because the link count has become zero. At that point, we by definition are only wiping out data which is eligible to be overwritten by any process that happens to be allocating space on the same filesystem, and which can no longer be read by "normal" filesystem operations, anyway.

In this interpretation, "rm -P" when the link count exceeds 1 is an erroneous command. I'd at least allow rm -P to wipe a file with a non-zero remaining link count only under the same restrictions applied to files that are not writable by the invoker of rm.
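
The link-count rule argued for in the message above, written out in C as an added example; it is not part of the original message and not FreeBSD's rm source. The names wipe_policy, wipe_decision and linked_file_demo are hypothetical, and reading "the same restrictions" as "ask for confirmation first" is an assumption.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical names; the confirm step stands in for rm's unwritable-file rule. */
enum wipe_decision { WIPE_OK, WIPE_NEEDS_CONFIRM, WIPE_SKIP };

/* Overwrite freely only when this unlink is the one that releases the blocks. */
enum wipe_decision wipe_policy(const char *path)
{
    struct stat sb;
    if (lstat(path, &sb) != 0 || !S_ISREG(sb.st_mode))
        return WIPE_SKIP;              /* nothing to overwrite */
    if (sb.st_nlink > 1)
        return WIPE_NEEDS_CONFIRM;     /* data stays reachable via another name */
    if (access(path, W_OK) != 0)
        return WIPE_NEEDS_CONFIRM;     /* file not writable by the invoker */
    return WIPE_OK;                    /* last link: blocks are about to be freed */
}

/* Constructed scenario: one file with two names in a fresh temp directory.
 * Reports the decision with two links (*before) and with one (*after). */
int linked_file_demo(enum wipe_decision *before, enum wipe_decision *after)
{
    char dir[] = "/tmp/rmP-demo-XXXXXX", a[64], b[64];
    int fd;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(a, sizeof a, "%s/a", dir);
    snprintf(b, sizeof b, "%s/b", dir);
    fd = open(a, O_CREAT | O_WRONLY | O_EXCL, 0600);
    if (fd < 0 || write(fd, "secret", 6) != 6 || close(fd) != 0 || link(a, b) != 0)
        return -1;
    *before = wipe_policy(a);          /* link count is 2 here */
    unlink(b);
    *after = wipe_policy(a);           /* link count is 1 here */
    unlink(a);
    rmdir(dir);
    return 0;
}

int main(void)
{
    enum wipe_decision two, one;
    int rc = linked_file_demo(&two, &one);
    if (rc == 0)
        printf("two links: %d, one link: %d\n", (int)two, (int)one);
    return rc != 0;
}
```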