From owner-cvs-src@FreeBSD.ORG  Tue Oct 31 02:22:37 2006
Return-Path: <owner-cvs-src@FreeBSD.ORG>
X-Original-To: cvs-src@FreeBSD.org
Delivered-To: cvs-src@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4233216A403;
	Tue, 31 Oct 2006 02:22:37 +0000 (UTC)
	(envelope-from delphij@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A85F543D4C;
	Tue, 31 Oct 2006 02:22:36 +0000 (GMT)
	(envelope-from delphij@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k9V2MaS8046913;
	Tue, 31 Oct 2006 02:22:36 GMT
	(envelope-from delphij@repoman.freebsd.org)
Received: (from delphij@localhost)
	by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k9V2Ma57046912;
	Tue, 31 Oct 2006 02:22:36 GMT (envelope-from delphij)
Message-Id: <200610310222.k9V2Ma57046912@repoman.freebsd.org>
From: Xin LI <delphij@FreeBSD.org>
Date: Tue, 31 Oct 2006 02:22:36 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Cc: 
Subject: cvs commit: src/bin/rm rm.1 rm.c
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Oct 2006 02:22:37 -0000

delphij     2006-10-31 02:22:36 UTC

  FreeBSD src repository

  Modified files:
    bin/rm               rm.1 rm.c 
  Log:
  Correct a security issue introduced in previous commit:
  instead of removing the file and issue a warning about
  the removal, do not do any operation at all in case -P
  is specified when the dinode has hard links.
  
  With -f and -P specified together, we assume that the
  user wants rm to overwrite the contents of the file
  and remove it (destroy the contents of file but leave
  its hard links as is).
  
  The reason of doing it this way is that, in case where
  a hard link is created by a malicious user (currently
  this is permitted even if the user has no access to the
  file).  Losing the link can potentially mean that the
  actual owner would lose control completely to the user
  who wants to obtain access in a future day.
  
  Discussed with: Peter Jermey
  
  Revision  Changes    Path
  1.41      +9 -1      src/bin/rm/rm.1
  1.58      +2 -2      src/bin/rm/rm.c