From: Tillman Hodgson
To: freebsd-hackers@freebsd.org
Date: Sat, 2 Oct 2004 21:09:46 -0600
Message-ID: <20041003030946.GV35869@seekingfire.com>
Subject: Re: Protection from the dreaded "rm -fr /"

On Sat, Oct 02, 2004 at 07:29:51PM -0600, M. Warner Losh wrote:
> In message: <20041002210554.GS35869@seekingfire.com>
> Tillman Hodgson writes:
> : It'll never work, though, that's the thing. At some point it'll rm
> : something it itself needs and error out. There isn't a way to use `rm
> : -rf /` that /doesn't/ result in foot-shooting.
>
> No. You are wrong. If you rm -rf in a chroot, then it won't result
> in foot shooting, necessarily, like it would outside a chroot.

If you're chrooted, where are the rm binary and associated libraries?
They're in the chroot, in a branch off the virtual / tree root.

`rm -rf /`, even in chroot, won't delete everything that the command
looks like it will. At the very least the final unlink, that of / itself,
will likely result in undefined behaviour. Where do the dev's go if
there's no / to root them in? etc etc.

-T

-- 
"Waking a person unnecessarily should not be considered a capital crime.
For a first offense, that is."
    -- Robert Heinlein