From owner-freebsd-hackers@FreeBSD.ORG  Sun Oct  3 18:29:08 2004
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C5BFB16A4CE
	for <freebsd-hackers@freebsd.org>;
	Sun,  3 Oct 2004 18:29:08 +0000 (GMT)
Received: from woozle.rinet.ru (woozle.rinet.ru [195.54.192.68])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C4EAF43D3F
	for <freebsd-hackers@freebsd.org>;
	Sun,  3 Oct 2004 18:29:07 +0000 (GMT)	(envelope-from marck@rinet.ru)
Received: from localhost (localhost [127.0.0.1])
	by woozle.rinet.ru (8.13.1/8.13.1) with ESMTP id i93ISv6e015435;
	Sun, 3 Oct 2004 22:28:57 +0400 (MSD)
	(envelope-from marck@rinet.ru)
Date: Sun, 3 Oct 2004 22:28:57 +0400 (MSD)
From: Dmitry Morozovsky <marck@rinet.ru>
To: "M. Warner Losh" <imp@bsdimp.com>
In-Reply-To: <20041003.113739.95785967.imp@bsdimp.com>
Message-ID: <20041003222523.J9166@woozle.rinet.ru>
References: <20041002210554.GS35869@seekingfire.com>
	<20041002.192951.35870461.imp@bsdimp.com>
	<20041003.113739.95785967.imp@bsdimp.com>
X-NCC-RegID: ru.rinet
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: freebsd-hackers@freebsd.org
Subject: Re: Protection from the dreaded "rm -fr /"
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Oct 2004 18:29:08 -0000

On Sun, 3 Oct 2004, M. Warner Losh wrote:

[snip]

MWL> rm doesn't have to live in the chroot.  Consider
MWL> 	chroot /some/path/to/a/chroot rm -rf /
MWL> in this case, everything under the /some/path/to/a/chroot would be
MWL> removed.  However, the rm that's running is outside of the chroot.

Not to be too nit-picking, but this is not true, as far as I can understand
chroot(8) and chroot(2) ;-)

However, since rm is usually statically linked and/or all needed code segments
are referenced during rm work are loaded/referenced, this operation finishes
successfully (just checked on 4-STABLE and -CURRENT).

... and no, I do *NOT* want to participate in this bikesched color discussion!
;-P


Sincerely,
D.Marck                                     [DM5020, MCK-RIPE, DM3-RIPN]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru ***
------------------------------------------------------------------------