Date: Sat, 2 Oct 2004 11:51:43 +0300
From: Giorgos Keramidas
To: Michael Reifenberger
cc: freebsd-hackers@freebsd.org
Subject: Re: Protection from the dreaded "rm -fr /"

On 2004-10-02 10:34, Michael Reifenberger wrote:
> On Sat, 2 Oct 2004, Giorgos Keramidas wrote:
> >Date: Sat, 2 Oct 2004 11:19:28 +0300
> >From: Giorgos Keramidas
> >To: freebsd-hackers@freebsd.org
> >Subject: Protection from the dreaded "rm -fr /"
> >
> >John Beck, who works for Sun, has posted an entry in his blog yesterday
> >about "rm -fr /" protection, which I liked a lot:
> >http://blogs.sun.com/roller/page/jbeck/20041001#rm_rf_protection
> >
> >His idea was remarkably simple, so I went ahead and wrote this patch for
> >rm(1) of FreeBSD:
>
> This does only help for the obvious case of '/' but not for the
> './' and '../' or '../../' ... accidents.

Hmm, indeed.  This can be fixed, but it might take a little thinking
over about ways to implement it without adding too much overhead to the
way rm(1) works now.

> Furthermore does it prevent root from doing `rm -rf /` which is a pretty
> legal operation for root since he knows what he is doing.
>
> This is UNIX, not Windows.

Yes, so?  Does it mean we should always point guns at our feet and hope
that we don't accidentally pull the trigger because some unlucky event
made us jump a bit up?

The reason I liked this idea is that root has zillions of other ways to
destroy an entire system, but not many of them are likely to be the
result of mistyping a single character as shown below:

	# rm -fr / home/someuser/*

A single extra space can really wreak havoc in this case.

If the real intention of the superuser is to delete everything, he can
repartition his disk, he can dd if=/dev/zero of=/dev/ad0, he can do many
things.

Adding protection that prevents foot-shooting is not something without
precedent to FreeBSD either:

http://www.freebsd.org/cgi/cvsweb.cgi/src/usr.sbin/boot0cfg/boot0cfg.c.diff?r1=1.13&r2=1.14

Having said that, if most people do like the change but there are others
who don't, I can always make it work as before with a double -f option.

- Giorgos