Protection from the dreaded "rm -fr /"
Giorgos Keramidas
keramida at freebsd.org
Sat Oct 2 02:06:40 PDT 2004
On 2004-10-02 11:51, Giorgos Keramidas <keramida at freebsd.org> wrote:
> On 2004-10-02 10:34, Michael Reifenberger <mike at reifenberger.com> wrote:
> >
> > This does only help for the obvious case of '/' but not for the
> > './' and '../' or '../../' ... accidents.
>
> Hmm, indeed. This can be fixed, but it might take a little thinking
> over about ways to implement it without adding too much overhead to the
> way rm(1) works now.
One way to do that is to use realpath(3), but I have to ask more
knowledgeable people about the comment immediately below my change:
%%%
Index: rm.c
===================================================================
RCS file: /home/ncvs/src/bin/rm/rm.c,v
retrieving revision 1.47
diff -u -r1.47 rm.c
--- rm.c 6 Apr 2004 20:06:50 -0000 1.47
+++ rm.c 2 Oct 2004 09:00:41 -0000
@@ -157,6 +157,8 @@
void
rm_tree(char **argv)
{
+ char *rpath;
+ char **argv_tmp;
FTS *fts;
FTSENT *p;
int needstat;
@@ -164,6 +166,20 @@
int rval;
/*
+ * If one of the members of argv[] is the root directory abort the
+ * entire operation.
+ */
+ rpath = malloc(PATH_MAX * sizeof(char));
+ if (rpath == NULL)
+ err(1, "malloc");
+ for (argv_tmp = argv; *argv_tmp != NULL; argv_tmp++) {
+ if (realpath(*argv_tmp, rpath) == NULL)
+ err(1, "%s", *argv_tmp);
+ if (strcmp(rpath, "/") == 0)
+ errx(1, "recursive rm of / is not allowed");
+ }
+
+ /*
* Remove a file hierarchy. If forcing removal (-f), or interactive
* (-i) or can't ask anyway (stdin_ok), don't stat the file.
*/
%%%
I'm a bit worried about the "don't stat the file" comment below. The
realpath(3) library function *does* stat the file when trying to find
its real pathname ;-/
More information about the freebsd-hackers
mailing list