From owner-freebsd-hackers@FreeBSD.ORG Fri Nov 21 04:45:26 2003 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 78C1816A4CE; Fri, 21 Nov 2003 04:45:26 -0800 (PST) Received: from milla.ask33.net (milla.ask33.net [217.197.166.60]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3B27B43F85; Fri, 21 Nov 2003 04:45:22 -0800 (PST) (envelope-from nick@milla.ask33.net) Received: by milla.ask33.net (Postfix, from userid 1001) id 106433ABB4E; Fri, 21 Nov 2003 13:43:51 +0100 (CET) Date: Fri, 21 Nov 2003 13:43:50 +0100 From: Pawel Jakub Dawidek To: Dag-Erling Sm?rgrav Message-ID: <20031121124350.GT511@garage.freebsd.pl> References: <20031119003133.18473.qmail@web11404.mail.yahoo.com> <200311201327.29226.wes@softweyr.com> <20031121095939.GS511@garage.freebsd.pl> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="FZIkiClxIZ9JeWSb" Content-Disposition: inline In-Reply-To: X-PGP-Key-URL: http://garage.freebsd.pl/jules.asc X-OS: FreeBSD 4.8-RELEASE-p13 i386 X-URL: http://garage.freebsd.pl User-Agent: Mutt/1.5.1i cc: Rayson Ho cc: phk@freebsd.org cc: freebsd-hackers@freebsd.org Subject: Re: "secure" file flag? X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Nov 2003 12:45:26 -0000 --FZIkiClxIZ9JeWSb Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Nov 21, 2003 at 12:41:05PM +0100, Dag-Erling Sm?rgrav wrote: +> > If this operation is able to fail (and of course it is) it should block +> > on unlink(2). +>=20 +> FreeBSD is not DOS; unlink(2) does not actually remove the file. It +> is removed by the filesystem if the link count is zero when the vnode +> is released, which may be immediately after the unlink(2) call, or an +> indefinite amount of time later if the file was open at the time. I'm aware of this, but what we want to think over here is something like in-kernel 'rm -P'. So file will be overwriten even if it is opened and/or link count is grater than 0. That's why allowing link(2) operation for such files don't make much sens (the problem exists when there are hardlinks before "secure" flag is set). --=20 Pawel Jakub Dawidek pawel@dawidek.net UNIX Systems Programmer/Administrator http://garage.freebsd.pl Am I Evil? Yes, I Am! http://cerber.sourceforge.net --FZIkiClxIZ9JeWSb Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iQCVAwUBP74Ihj/PhmMH/Mf1AQEXZAP/Y2x+EpADzKuQoJktUo7k+rXYYJY4izp6 p6XUXH01dMGZyLbQ06cGFa/klGQyb4aN6VtnPrnDrbil/yjvf5e6Xl0uM2yL5fD4 k5r4m3R30zESQSXJdA2cVr4iXtRKpLEe91VU8oDb7WEtQDhDJe5RX+eEqyxAhznQ 96scgU0CvAo= =5F+K -----END PGP SIGNATURE----- --FZIkiClxIZ9JeWSb--