From owner-cvs-src@FreeBSD.ORG Tue Oct 31 02:22:37 2006
Message-Id: <200610310222.k9V2Ma57046912@repoman.freebsd.org>
From: Xin LI
Date: Tue, 31 Oct 2006 02:22:36 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/bin/rm rm.1 rm.c
List-Id: CVS commit messages for the src tree

delphij     2006-10-31 02:22:36 UTC

  FreeBSD src repository

  Modified files:
    bin/rm               rm.1 rm.c
  Log:
  Correct a security issue introduced in previous commit: instead of
  removing the file and issuing a warning about the removal, do not do
  any operation at all in case -P is specified when the dinode has
  hard links.  With -f and -P specified together, we assume that the
  user wants rm to overwrite the contents of the file and remove it
  (destroy the contents of file but leave its hard links as is).

  The reason for doing it this way is that, in the case where a hard
  link is created by a malicious user (currently this is permitted even
  if the user has no access to the file), losing the link can
  potentially mean that the actual owner would lose control completely
  to the user who wants to obtain access in a future day.

  Discussed with: Peter Jermey

  Revision  Changes    Path
  1.41      +9 -1      src/bin/rm/rm.1
  1.58      +2 -2      src/bin/rm/rm.c
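
The three outcomes the log distinguishes, reproduced on a scratch file as an added example (this is not FreeBSD's rm.c or the committed diff). The names `decide`, `outcome`, the enum values and the `/tmp/rmP.XXXXXX` scratch directory are hypothetical, and a single 0xff pass stands in for the real overwrite.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Hypothetical names modelling the policy in the log; this is not rm.c. */
enum action { REMOVE, OVERWRITE_AND_REMOVE, SKIP };
enum { SECRET_READABLE = 1, OWNER_NAME_KEPT = 2 };
static enum action decide(const struct stat *sb, int fflag, int Pflag)
{
    if (!Pflag) return REMOVE;                    /* plain unlink */
    if (sb->st_nlink > 1 && !fflag) return SKIP;  /* -P alone: touch nothing */
    return OVERWRITE_AND_REMOVE;                  /* -P on one link, or -f -P */
}

/* Owner's file plus a second hard link; act on the owner's name, report what is left. */
static int outcome(int fflag, int Pflag)
{
    static const char secret[16] = "constructed-key";   /* constructed data */
    char dir[] = "/tmp/rmP.XXXXXX", a[64], b[64], buf[sizeof secret];
    struct stat sb;
    int fd, res = 0;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(a, sizeof a, "%s/owner", dir);
    snprintf(b, sizeof b, "%s/other", dir);
    if ((fd = open(a, O_CREAT | O_EXCL | O_WRONLY, 0600)) < 0) return -1;
    if (write(fd, secret, sizeof secret) != (ssize_t)sizeof secret) return -1;
    close(fd);
    if (link(a, b) != 0 || stat(a, &sb) != 0) return -1;
    enum action act = decide(&sb, fflag, Pflag);
    if (act == OVERWRITE_AND_REMOVE && (fd = open(a, O_WRONLY)) >= 0) {
        memset(buf, 0xff, sizeof buf);            /* one overwrite pass */
        if (write(fd, buf, sizeof buf) < 0) perror("write");
        close(fd);
    }
    if (act != SKIP) unlink(a);
    memset(buf, 0, sizeof buf);
    if ((fd = open(b, O_RDONLY)) >= 0) {          /* what the other link still sees */
        if (read(fd, buf, sizeof buf) == (ssize_t)sizeof buf &&
            memcmp(buf, secret, sizeof buf) == 0) res |= SECRET_READABLE;
        close(fd);
    }
    if (access(a, F_OK) == 0) res |= OWNER_NAME_KEPT;
    unlink(a); unlink(b); rmdir(dir);
    return res;
}

int main(void) { printf("%d %d %d\n", outcome(0, 0), outcome(0, 1), outcome(1, 1)); return 0; }
```

A result of `SECRET_READABLE` alone is the case the log warns about: the owner's name is gone while the data stays reachable through the other link.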