From owner-cvs-src@FreeBSD.ORG Mon Oct 30 09:40:57 2006 Return-Path: X-Original-To: cvs-src@FreeBSD.ORG Delivered-To: cvs-src@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B938416A407; Mon, 30 Oct 2006 09:40:57 +0000 (UTC) (envelope-from delphij@delphij.net) Received: from tarsier.geekcn.org (tarsier.geekcn.org [210.51.165.229]) by mx1.FreeBSD.org (Postfix) with ESMTP id CC86143D55; Mon, 30 Oct 2006 09:40:55 +0000 (GMT) (envelope-from delphij@delphij.net) Received: from localhost (tarsier.geekcn.org [210.51.165.229]) by tarsier.geekcn.org (Postfix) with ESMTP id F3782EB3B99; Mon, 30 Oct 2006 17:40:54 +0800 (CST) X-Virus-Scanned: amavisd-new at geekcn.org Received: from tarsier.geekcn.org ([210.51.165.229]) by localhost (mail.geekcn.org [210.51.165.229]) (amavisd-new, port 10024) with ESMTP id RUvsG6imZMSl; Mon, 30 Oct 2006 17:40:52 +0800 (CST) Received: from [10.217.12.47] (sina152-194.staff.sina.com.cn [61.135.152.194]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by tarsier.geekcn.org (Postfix) with ESMTP id 8F3BAEB39AD; Mon, 30 Oct 2006 17:40:51 +0800 (CST) DomainKey-Signature: a=rsa-sha1; s=default; d=delphij.net; c=nofws; q=dns; h=message-id:date:from:organization:user-agent:mime-version:to:cc: subject:references:in-reply-to:x-enigmail-version:content-type; b=TRZtaKgDSfsGAuSnwZ5KFJcW5h2yv0U3TSkwV5WMKbinhOpF19NIDgyPNgc5nB6Wx X0WYfWkDWRT1/J1D7OmHQ== Message-ID: <4545C86A.1030008@delphij.net> Date: Mon, 30 Oct 2006 17:39:54 +0800 From: LI Xin Organization: The FreeBSD Project User-Agent: Thunderbird 1.5.0.7 (Macintosh/20060909) MIME-Version: 1.0 To: Peter Jeremy References: <200610300332.k9U3W9xF099044@repoman.freebsd.org> <20061030090054.GC871@turion.vk2pj.dyndns.org> In-Reply-To: <20061030090054.GC871@turion.vk2pj.dyndns.org> X-Enigmail-Version: 0.94.1.0 Content-Type: multipart/signed; micalg=pgp-ripemd160; protocol="application/pgp-signature"; boundary="------------enig0F4CF7E431D24B241E6A1D3B" Cc: freebsd-hackers@FreeBSD.org, src-committers@FreeBSD.ORG, Xin LI , cvs-all@FreeBSD.ORG, cvs-src@FreeBSD.ORG Subject: Re: [patch] rm can have undesired side-effects X-BeenThere: cvs-src@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Oct 2006 09:40:57 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig0F4CF7E431D24B241E6A1D3B Content-Type: multipart/mixed; boundary="------------040408050409090307030603" This is a multi-part message in MIME format. --------------040408050409090307030603 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Peter Jeremy wrote: > On Mon, 2006-Oct-30 03:32:09 +0000, Xin LI wrote: >> Be more reasonable when overwrite mode is specified while there >> is hard links. Overwritting when links > 1 would cause data >> loss, which is usually undesired. >=20 > Another way of looking at it is that not overwriting when links > 1 > means that the data I thought I securely deleted is still present > somewhere on my computer and I have no easy way to find it. >=20 > I believe that this change creates a security hole and should be > reverted. It the user specified '-P', either the file should be > over-written or the file should be left untouched (not deleted). > This is the only way that the user can be protected both against > accidently over-writing a wanted file when an unwanted link is > removed and failing to over-write an unwanted file which had a > stray additional link. Well thought, I think that you are correct that specifying -P should do nothing but generate a warning. In addition to this I have changed the behavior a bit (patch attached) that, if -f is specified along with -P, the overwritten is happen and the link would be removed. Please let me know if you are happy with this change. Cheers, --=20 Xin LI http://www.delphij.net/ FreeBSD - The Power to Serve! --------------040408050409090307030603 Content-Type: text/plain; x-mac-type="0"; x-mac-creator="0"; name="patch-rm-P" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline; filename="patch-rm-P" Index: rm.1 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/bin/rm/rm.1,v retrieving revision 1.40 diff -u -r1.40 rm.1 --- rm.1 30 Oct 2006 03:32:09 -0000 1.40 +++ rm.1 30 Oct 2006 09:32:44 -0000 @@ -88,7 +88,9 @@ Overwrite regular files before deleting them. Files are overwritten three times, first with the byte pattern 0xff, then 0x00, and then 0xff again, before they are deleted. -Files with multiple links will not be overwritten. +Files with multiple links will not be overwritten nor deleted unless +.Fl f +is specified. .Pp Specifying this flag for a read only file will cause .Nm Index: rm.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/src/bin/rm/rm.c,v retrieving revision 1.57 diff -u -r1.57 rm.c --- rm.c 30 Oct 2006 03:32:09 -0000 1.57 +++ rm.c 30 Oct 2006 09:31:35 -0000 @@ -400,10 +400,10 @@ } if (!S_ISREG(sbp->st_mode)) return (1); - if (sbp->st_nlink > 1) { + if (sbp->st_nlink > 1 && !fflag) { warnx("%s (inode %u): not overwritten due to multiple links", file, sbp->st_ino); - return (1); + return (0); } if ((fd =3D open(file, O_WRONLY, 0)) =3D=3D -1) goto err; --------------040408050409090307030603-- --------------enig0F4CF7E431D24B241E6A1D3B Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFRchqOfuToMruuMARA6CjAJ9izk7Xx8OTJoI7FsNbcwjw7U+zsQCeNVIk fVqlx+6bPHhhKLOOC2sOJeA= =QxMv -----END PGP SIGNATURE----- --------------enig0F4CF7E431D24B241E6A1D3B--