Re: [patch] rm can have undesired side-effects

Mon, 30 Oct 2006 01:44:39 -0800 

Peter Jeremy wrote:
> On Mon, 2006-Oct-30 03:32:09 +0000, Xin LI wrote:
>>  Be more reasonable when overwrite mode is specified while there
>>  is hard links.  Overwritting when links > 1 would cause data
>>  loss, which is usually undesired.
> 
> Another way of looking at it is that not overwriting when links > 1
> means that the data I thought I securely deleted is still present
> somewhere on my computer and I have no easy way to find it.
> 
> I believe that this change creates a security hole and should be
> reverted.  It the user specified '-P', either the file should be
> over-written or the file should be left untouched (not deleted).
> This is the only way that the user can be protected both against
> accidently over-writing a wanted file when an unwanted link is
> removed and failing to over-write an unwanted file which had a
> stray additional link.

Well thought, I think that you are correct that specifying -P should do
nothing but generate a warning.

In addition to this I have changed the behavior a bit (patch attached)
that, if -f is specified along with -P, the overwritten is happen and
the link would be removed.  Please let me know if you are happy with
this change.

Cheers,
-- 
Xin LI <[EMAIL PROTECTED]>      http://www.delphij.net/
FreeBSD - The Power to Serve!

Index: rm.1
===================================================================
RCS file: /home/ncvs/src/bin/rm/rm.1,v
retrieving revision 1.40
diff -u -r1.40 rm.1
--- rm.1        30 Oct 2006 03:32:09 -0000      1.40
+++ rm.1        30 Oct 2006 09:32:44 -0000
@@ -88,7 +88,9 @@
 Overwrite regular files before deleting them.
 Files are overwritten three times, first with the byte pattern 0xff,
 then 0x00, and then 0xff again, before they are deleted.
-Files with multiple links will not be overwritten.
+Files with multiple links will not be overwritten nor deleted unless
+.Fl f
+is specified.
 .Pp
 Specifying this flag for a read only file will cause
 .Nm
Index: rm.c
===================================================================
RCS file: /home/ncvs/src/bin/rm/rm.c,v
retrieving revision 1.57
diff -u -r1.57 rm.c
--- rm.c        30 Oct 2006 03:32:09 -0000      1.57
+++ rm.c        30 Oct 2006 09:31:35 -0000
@@ -400,10 +400,10 @@
        }
        if (!S_ISREG(sbp->st_mode))
                return (1);
-       if (sbp->st_nlink > 1) {
+       if (sbp->st_nlink > 1 && !fflag) {
                warnx("%s (inode %u): not overwritten due to multiple links",
                    file, sbp->st_ino);
-               return (1);
+               return (0);
        }
        if ((fd = open(file, O_WRONLY, 0)) == -1)
                goto err;

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to