Date: Tue, 31 Oct 2006 02:22:36 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/bin/rm rm.1 rm.c Message-ID: <200610310222.k9V2Ma57046912@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
delphij 2006-10-31 02:22:36 UTC
FreeBSD src repository
Modified files:
bin/rm rm.1 rm.c
Log:
Correct a security issue introduced in previous commit:
instead of removing the file and issue a warning about
the removal, do not do any operation at all in case -P
is specified when the dinode has hard links.
With -f and -P specified together, we assume that the
user wants rm to overwrite the contents of the file
and remove it (destroy the contents of file but leave
its hard links as is).
The reason of doing it this way is that, in case where
a hard link is created by a malicious user (currently
this is permitted even if the user has no access to the
file). Losing the link can potentially mean that the
actual owner would lose control completely to the user
who wants to obtain access in a future day.
Discussed with: Peter Jermey
Revision Changes Path
1.41 +9 -1 src/bin/rm/rm.1
1.58 +2 -2 src/bin/rm/rm.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200610310222.k9V2Ma57046912>