Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 30 Oct 2006 20:51:05 +0800
From:      LI Xin <delphij@delphij.net>
To:        Peter Jeremy <peterjeremy@optushome.com.au>
Cc:        freebsd-hackers@freebsd.org, perryh@pluto.rain.com
Subject:   Re: [patch] rm can have undesired side-effects
Message-ID:  <4545F539.90704@delphij.net>
In-Reply-To: <20061030103151.GD871@turion.vk2pj.dyndns.org>
References:  <20061029222847.GA68272@marvin.astase.com>	<20061030003628.42bc5f8d@loki.starkstrom.lan>	<45455f6a.yNcc0kkyEKpoRv3m%perryh@pluto.rain.com>	<20061030083849.GB871@turion.vk2pj.dyndns.org> <20061030103151.GD871@turion.vk2pj.dyndns.org>
index | next in thread | previous in thread | raw e-mail 

[-- Attachment #1 --]
Peter Jeremy wrote:
> On Mon, 2006-Oct-30 19:38:49 +1100, Peter Jeremy wrote:
>> the user is unaware that there are multiple links.  I don't think
>> that just unlinking the file and issuing a warning is a good solution
>> because it's then virtually impossible to locate the other copy(s)
>> of the file, which remains viewable.
> 
> I missed the fact that the warning message includes the inode number.
> My apologies.  This reduces "virtually impossible" to "hard".
> 
> I still think this current behaviour is undesirable and a security
> hole.  Maybe someone from the SO team would like to offer their
> opinion - I might just have my tinfoil hat on too tight tonight.

I think the concern of the removal is perfectly valid.  It's possible
that someone run:

find secret/ -type f -exec rm {} +

and there are zillions of files in secret/, causing the warning to be
scrolled over.  Also, it's possible that there is places that the user
can not enter.  Therefore, I agree that my checkin has introduced a
security hole and we should fix it.  I have posted a possible patch here
and to cvs-all@ for review.

Cheers,
-- 
Xin LI <delphij@delphij.net>	http://www.delphij.net/
FreeBSD - The Power to Serve!


[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFRfU5OfuToMruuMARAyiJAJsEQaJfYSTDGNaBWYTyPbXrINqwAQCgjTFn
mxIBWAa/jNuViRTOkaukyW8=
=DUcK
-----END PGP SIGNATURE-----
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4545F539.90704>