From owner-svn-src-all@FreeBSD.ORG Sun Oct 31 09:21:28 2010 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 52337106566C; Sun, 31 Oct 2010 09:21:28 +0000 (UTC) (envelope-from uqs@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 4160E8FC16; Sun, 31 Oct 2010 09:21:28 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o9V9LSLT075410; Sun, 31 Oct 2010 09:21:28 GMT (envelope-from uqs@svn.freebsd.org) Received: (from uqs@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o9V9LSo4075408; Sun, 31 Oct 2010 09:21:28 GMT (envelope-from uqs@svn.freebsd.org) Message-Id: <201010310921.o9V9LSo4075408@svn.freebsd.org> From: Ulrich Spoerlein Date: Sun, 31 Oct 2010 09:21:28 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r214596 - head/bin/rm X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 Oct 2010 09:21:28 -0000 Author: uqs Date: Sun Oct 31 09:21:27 2010 New Revision: 214596 URL: http://svn.freebsd.org/changeset/base/214596 Log: Elaborate some more on the non-security implications of using -P Submitted by: delphij Discussion at: svn-src-all Modified: head/bin/rm/rm.1 Modified: head/bin/rm/rm.1 ============================================================================== --- head/bin/rm/rm.1 Sun Oct 31 09:05:04 2010 (r214595) +++ head/bin/rm/rm.1 Sun Oct 31 09:21:27 2010 (r214596) @@ -32,7 +32,7 @@ .\" @(#)rm.1 8.5 (Berkeley) 12/5/94 .\" $FreeBSD$ .\" -.Dd October 8, 2010 +.Dd October 31, 2010 .Dt RM 1 .Os .Sh NAME @@ -100,6 +100,11 @@ Specifying this flag for a read only fil .Nm to generate an error message and exit. The file will not be removed or overwritten. +.Pp +N.B.: The +.Fl P +flag is not considered a security feature +.Pq see Sx BUGS . .It Fl R Attempt to remove the file hierarchy rooted in each .Ar file @@ -229,8 +234,12 @@ command appeared in .Sh BUGS The .Fl P -option assumes that the underlying file system updates existing blocks -in-place and does not store new data in a new location. -This is true for UFS, but not for ZFS or other file systems which use -copy-on-write semantics. -In addition, only regular files are overwritten. +option assumes that the underlying storage overwrites file block +when data is written to an existing offset. +Several factors including the file system and its backing store could defeat +this assumption. +This includes, but is not limited to file systems that use a +Copy-On-Write strategy (e.g. ZFS or UFS when snapshots are being used), Flash +media that is using a wear leveling algorithm, or when the backing datastore +does journaling, etc. +In addition, only regular files are overwritten, other types of files are not.