Date: Mon, 4 Mar 2013 14:50:01 GMT From: Giorgos Keramidas <keramida@FreeBSD.org> To: freebsd-standards@FreeBSD.org Subject: Re: standards/176412: newfs writes by default, compare to bsdlabel/disklabel. Message-ID: <201303041450.r24Eo1fC081901@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR standards/176412; it has been noted by GNATS.
From: Giorgos Keramidas <keramida@FreeBSD.org>
To: root@ai1.alaska.net
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: standards/176412: newfs writes by default, compare to
bsdlabel/disklabel.
Date: Mon, 4 Mar 2013 15:47:34 +0100
On 2013-02-24 15:31, root@ai1.alaska.net wrote:
> >Number: 176412
> >Category: standards
> >Synopsis: newfs writes by default, compare to bsdlabel/disklabel.
>
> fdisk/bsdlabel will not write to a drive by default, and require
> special options to do so, yet newfs will destroy an entire drive,
> easily and accidently, unlike other dangerous utilities. This can
> cause severe problems when a user only wants newfs to read and report
> superblocks, and in utilizing the command, may easily forget the -N
> option, whereafter, the user loses his entire drive and all data. It
> is also easy to be careless with newfs when previously, fdisk/bsdlabel
> are used without worry of accidental destructive writes to a drive.
>
> Play with newfs to read superblocks on a drive, and while
> experimenting with options, forget the -N option one time, and your
> drive and data are lost forever.
>
> It would be consistent with dangerous utilities like fdisk/bsdlabel
> for newfs to read by default, and only write when a user clearly
> demands such functionality. There is no good reason for newfs to
> operate otherwise. It's an accident waiting to happen, almost as if
> deliberately.
newfs is not the only utility that can 'write by default' on a raw disk,
possibly overwriting important data. dd(1), cat(1) and pretty much any
other tool that can be pointed at a disk can do the same. For instance
it's always possible to write the wrong disk number in commands like:
dd bs=4m if=imagefile.bin of=/dev/ada1
ssh remotehost 'cat imagefile.bin' | tee /dev/ada0
The -N option is fine in newfs as an equivalent of --dry-run in other
tools, but I don't think it makes sense to break compatibility with
almost 40 years of history just because it can be unsafe if misused.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201303041450.r24Eo1fC081901>