Date: Mon, 30 Oct 2006 17:39:54 +0800 From: LI Xin <delphij@delphij.net> To: Peter Jeremy <peterjeremy@optushome.com.au> Cc: freebsd-hackers@FreeBSD.org, src-committers@FreeBSD.ORG, Xin LI <delphij@FreeBSD.ORG>, cvs-all@FreeBSD.ORG, cvs-src@FreeBSD.ORG Subject: Re: [patch] rm can have undesired side-effects Message-ID: <4545C86A.1030008@delphij.net> In-Reply-To: <20061030090054.GC871@turion.vk2pj.dyndns.org> References: <200610300332.k9U3W9xF099044@repoman.freebsd.org> <20061030090054.GC871@turion.vk2pj.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig0F4CF7E431D24B241E6A1D3B Content-Type: multipart/mixed; boundary="------------040408050409090307030603" This is a multi-part message in MIME format. --------------040408050409090307030603 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Peter Jeremy wrote: > On Mon, 2006-Oct-30 03:32:09 +0000, Xin LI wrote: >> Be more reasonable when overwrite mode is specified while there >> is hard links. Overwritting when links > 1 would cause data >> loss, which is usually undesired. >=20 > Another way of looking at it is that not overwriting when links > 1 > means that the data I thought I securely deleted is still present > somewhere on my computer and I have no easy way to find it. >=20 > I believe that this change creates a security hole and should be > reverted. It the user specified '-P', either the file should be > over-written or the file should be left untouched (not deleted). > This is the only way that the user can be protected both against > accidently over-writing a wanted file when an unwanted link is > removed and failing to over-write an unwanted file which had a > stray additional link. Well thought, I think that you are correct that specifying -P should do nothing but generate a warning. In addition to this I have changed the behavior a bit (patch attached) that, if -f is specified along with -P, the overwritten is happen and the link would be removed. Please let me know if you are happy with this change. Cheers, --=20 Xin LI <delphij@delphij.net> http://www.delphij.net/ FreeBSD - The Power to Serve! --------------040408050409090307030603 Content-Type: text/plain; x-mac-type="0"; x-mac-creator="0"; name="patch-rm-P" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline; filename="patch-rm-P" Index: rm.1 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/bin/rm/rm.1,v retrieving revision 1.40 diff -u -r1.40 rm.1 --- rm.1 30 Oct 2006 03:32:09 -0000 1.40 +++ rm.1 30 Oct 2006 09:32:44 -0000 @@ -88,7 +88,9 @@ Overwrite regular files before deleting them. Files are overwritten three times, first with the byte pattern 0xff, then 0x00, and then 0xff again, before they are deleted. -Files with multiple links will not be overwritten. +Files with multiple links will not be overwritten nor deleted unless +.Fl f +is specified. .Pp Specifying this flag for a read only file will cause .Nm Index: rm.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/bin/rm/rm.c,v retrieving revision 1.57 diff -u -r1.57 rm.c --- rm.c 30 Oct 2006 03:32:09 -0000 1.57 +++ rm.c 30 Oct 2006 09:31:35 -0000 @@ -400,10 +400,10 @@ } if (!S_ISREG(sbp->st_mode)) return (1); - if (sbp->st_nlink > 1) { + if (sbp->st_nlink > 1 && !fflag) { warnx("%s (inode %u): not overwritten due to multiple links", file, sbp->st_ino); - return (1); + return (0); } if ((fd =3D open(file, O_WRONLY, 0)) =3D=3D -1) goto err; --------------040408050409090307030603-- --------------enig0F4CF7E431D24B241E6A1D3B Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFRchqOfuToMruuMARA6CjAJ9izk7Xx8OTJoI7FsNbcwjw7U+zsQCeNVIk fVqlx+6bPHhhKLOOC2sOJeA= =QxMv -----END PGP SIGNATURE----- --------------enig0F4CF7E431D24B241E6A1D3B--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4545C86A.1030008>