Protection from the dreaded "rm -fr /"

David Schultz das at FreeBSD.ORG
Sat Oct 2 12:02:14 PDT 2004


On Sat, Oct 02, 2004, Jacques A. Vidrine wrote:
> FWIW, I'm not in favor of adding ad-hoc "features" to handle edge-cases.
> ("feature" because this is actually introducing a bug :-)
> 
> I picked this email to which to respond, because I can share my own
> stupidity.  Case much like the one described above, but my cronjob
> included something like:
> 
>     cd /path/to/directory/with/temporary/files
>     rm -fr *
> 
> Only another admin removed
> `/path/to/directory/with/temporary/files'... so the `cd' failed
> and left the current directory as `/'.  For some reason the system
> crashed :-) ... and then crashed again a few days after restoring
> from backup... doh!
> 
> 
> Will the next step be to prevent `rm -fr *' iff the current working
> directory is '/' ?  Please explain your answer.  :-)

Hmm...good point.  Since we can never hope to cover *all* the ways
for people to shoot themselves in the foot, let's just take off
the existing seatbelts.  If people try to load old kernel modules,
the system will just crash.  If they try to mount a device twice,
it'll corrupt the filesystem.  And of course there's no need to
validate buffers passed to the kernel from root, much less even
check their length.
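The failure mode Jacques describes (a `cd` that fails and leaves `rm -fr *` running in `/`) with the guards the cronjob lacked, as an added example that is not from the original thread; the `clean_tmpdir` function, its messages and the scratch paths are mine.

```sh
#!/bin/sh
# Added example, not from the original thread: a fail-closed version of the
# quoted cronjob.  The original ran `cd dir` and then `rm -fr *` as two
# unconnected commands, so when the directory was gone the cd failed and the
# rm ran in whatever the cwd happened to be (there, `/`).

# Remove the contents of $1, but only after confirming we are really inside it.
clean_tmpdir() {
    dir=$1
    if [ -z "$dir" ] || [ ! -d "$dir" ]; then
        echo "clean_tmpdir: '$dir' is not a directory; nothing removed" >&2
        return 1
    fi
    # Subshell: the cd cannot leak into the caller, and rm runs only if the
    # cd succeeded, which is the check the original two-line job was missing.
    (
        cd "$dir" || exit 1
        # Belt and braces: never run a wildcard removal with `/` as the cwd.
        [ "$(pwd -P)" != / ] || exit 1
        # `--` ends option parsing; `./` anchors every glob to this directory.
        # The two dot patterns pick up hidden entries without matching . or ..
        rm -rf -- ./* ./.[!.]* ./..?*
    )
}

# Demo on a scratch directory (constructed here, not a real system path).
demo() {
    scratch=$(mktemp -d) || return 1
    touch "$scratch/job.out" "$scratch/.lock"
    clean_tmpdir "$scratch" &&
        echo "cleaned $scratch: $(ls -A "$scratch" | wc -l | tr -d ' ') entries left"
    # The case from the thread: the directory no longer exists.
    clean_tmpdir "$scratch/removed-by-another-admin" ||
        echo "refused; cwd still $(pwd)"
    rmdir "$scratch"
}

demo
```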
