[patch] rm can have undesired side-effects
Simon L. Nielsen
simon at FreeBSD.org
Mon Oct 30 20:20:33 UTC 2006
On 2006.10.30 21:31:51 +1100, Peter Jeremy wrote:
> On Mon, 2006-Oct-30 19:38:49 +1100, Peter Jeremy wrote:
> >the user is unaware that there are multiple links. I don't think
> >that just unlinking the file and issuing a warning is a good solution
> >because it's then virtually impossible to locate the other copy(s)
> >of the file, which remains viewable.
>
> I missed the fact that the warning message includes the inode number.
> My apologies. This reduces "virtually impossible" to "hard".
>
> I still think this current behaviour is undesirable and a security
> hole. Maybe someone from the SO team would like to offer their
> opinion - I might just have my tinfoil hat on too tight tonight.
<With hat "paranoid dude", and not any official FreeBSD hat - I don't
care to think this through enough to say anything with a FreeBSD hat
for the time being, on this topic>
Personally I think rm should do what you ask it to do - if you ask it
to overwrite a file which has multiple links, well... though luck. I
guess rm exiting for antifootshoot without -f can be OK, that's still
very visible to the user. What's currently in -CURRENT is probably a
bad idea since you might end up with a file which you thought you had
deleted, but in fact you haven't.
That said, I wouldn't trust -P to _really_ remove the content of the
files anyway, so personally I don't really care much. If you want the
file to be gone, use encryption in the first place, or use apropriate
tool (hammer, axe, C4, etc.).
</>
--
Simon L. Nielsen
More information about the freebsd-hackers
mailing list