From owner-freebsd-hackers@FreeBSD.ORG  Sat Oct  2 20:49:54 2004
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7E8A216A4CE; Sat,  2 Oct 2004 20:49:54 +0000 (GMT)
Received: from mailout11.sul.t-online.com (mailout11.sul.t-online.com
	[194.25.134.85])	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 0DB4A43D2D; Sat,  2 Oct 2004 20:49:54 +0000 (GMT)
	(envelope-from mike@reifenberger.com)
Received: from fwd10.aul.t-online.de 
	by mailout11.sul.t-online.com with smtp 
	id 1CDqpE-0000v7-00; Sat, 02 Oct 2004 22:49:52 +0200
Received: from fw.reifenberger.com
	(XdwUWEZToeg-ms2QQQLq9GYikBc1MlWY+vD-G2+qy3rCX1mF-xIeY6@[217.232.221.224]) by
	fmrl10.sul.t-online.com
	with esmtp id 1CDqp0-0K0AZU0; Sat, 2 Oct 2004 22:49:38 +0200
Received: from localhost (mike@localhost)i92KnbBk024804;
	Sat, 2 Oct 2004 22:49:37 +0200 (CEST)
	(envelope-from mike@reifenberger.com)
X-Authentication-Warning: fw.reifenberger.com: mike owned process doing -bs
Date: Sat, 2 Oct 2004 22:49:37 +0200 (CEST)
From: Michael Reifenberger <mike@Reifenberger.com>
To: David Schultz <das@FreeBSD.ORG>
In-Reply-To: <20041002201211.GA1677@VARK.MIT.EDU>
Message-ID: <20041002224230.T24332@fw.reifenberger.com>
References: <20041002081928.GA21439@gothmog.gr>
	<20041002102918.W22102@fw.reifenberger.com>
	<20041002211759.R24332@fw.reifenberger.com>
	<20041002201211.GA1677@VARK.MIT.EDU>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-ID: XdwUWEZToeg-ms2QQQLq9GYikBc1MlWY+vD-G2+qy3rCX1mF-xIeY6@t-dialin.net
X-TOI-MSGID: 993cfe92-ea30-4cce-833c-6d8c5d887c10
cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: Protection from the dreaded "rm -fr /"
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Oct 2004 20:49:54 -0000

On Sat, 2 Oct 2004, David Schultz wrote:

> Date: Sat, 2 Oct 2004 16:12:11 -0400
> From: David Schultz <das@FreeBSD.ORG>
> To: Michael Reifenberger <mike@Reifenberger.com>
> Cc: freebsd-hackers@FreeBSD.ORG
> Subject: Re: Protection from the dreaded "rm -fr /"
> 
> On Sat, Oct 02, 2004, Michael Reifenberger wrote:
>> On Sat, 2 Oct 2004, David Schultz wrote:
>> ...
>>> Do you also want to be able to swap to the root partition while
>>> it's mounted?  We can bring back that feature, too.  But
>>> personally, I don't see anything wrong with the view that
>>> operations that are guaranteed to shoot people in the foot should
>>> be disallowed.
>>>
>>
>> Every anti foot shooting takes time to check for.
>> A strncmp for every arg is maybe ok. Traversing the tree for realpath is
>> not.
>> The job for `rm` is to remove whatever it is given to get removed.
>> As fast as possible. Nothing else.
>
> Sigh.  The original patch that just used strcmp() wouldn't have
> increased the time to execute rm by more than a few hundred
> nanoseconds.
>

Wasn't there a discussion recently to increase ARG_MAX...?
:-)


Bye/2
---
Michael Reifenberger, Business Development Manager SAP-Basis, Plaut Consulting
Comp: Michael.Reifenberger@plaut.de | Priv: Michael@Reifenberger.com
       http://www.plaut.de           |       http://www.Reifenberger.com