Re: Protection from the dreaded "rm -fr /"
From: Ceri Davies (ceri_at_submonkey.net)
Date: Sat, 2 Oct 2004 23:00:35 +0100 To: Garance A Drosihn <firstname.lastname@example.org>
On Sat, Oct 02, 2004 at 05:22:50PM -0400, Garance A Drosihn wrote:
> At 8:57 PM +0300 10/2/04, Giorgos Keramidas wrote:
> >On 2004-10-02 21:23, Lee Harr <email@example.com> wrote:
> > > > John Beck, who works for Sun, has posted an entry in his blog
> > > > yesterday about "rm -fr /" protection, which I liked a lot:
> > > >
> > > > http://blogs.sun.com/roller/page/jbeck/20041001#rm_rf_protection
> >> >
> > > > His idea was remarkably simple, so I went ahead and wrote this
> > > > patch for rm(1) of FreeBSD:
> > >
> >> How about:
> >> chflags sunlnk /
> >> ?
> >Setting sunlink on / will only protect the / directory, not its
> >descendants, so you don't gain much.
> We could add a new flag "srunlnk", or maybe even "srm-r". The "rm"
> command will always have to stat() the file it is given (just to
> see if it is a directory), so it could check to see if this flag
> is turned on. If it is turned on, then 'rm' could refuse to honor
> any '-rf' request on that directory.
I love the idea of this; it's the most elegant solution offered yet.
I'm also looking forward to the forthcoming bikeshed regarding exactly
what the flag should be called. ;-)
-- It is not tinfoil, it is my new skin. I am a robot.
- application/pgp-signature attachment: stored