Re: [patch] rm can have undesired side-effects

Peter Jeremy wrote:
On Mon, 2006-Oct-30 03:32:09 +0000, Xin LI wrote:
Be more reasonable when overwrite mode is specified while there
is hard links. Overwritting when links > 1 would cause data
loss, which is usually undesired.

Another way of looking at it is that not overwriting when links > 1
means that the data I thought I securely deleted is still present
somewhere on my computer and I have no easy way to find it.

I believe that this change creates a security hole and should be
reverted. It the user specified '-P', either the file should be
over-written or the file should be left untouched (not deleted).
This is the only way that the user can be protected both against
accidently over-writing a wanted file when an unwanted link is
removed and failing to over-write an unwanted file which had a
stray additional link.

Well thought, I think that you are correct that specifying -P should do
nothing but generate a warning.

In addition to this I have changed the behavior a bit (patch attached)
that, if -f is specified along with -P, the overwritten is happen and
the link would be removed. Please let me know if you are happy with
this change.

Cheers,
--
Xin LI <delphij@xxxxxxxxxxx> http://www.delphij.net/
FreeBSD - The Power to Serve!
Index: rm.1
===================================================================
RCS file: /home/ncvs/src/bin/rm/rm.1,v
retrieving revision 1.40
diff -u -r1.40 rm.1
--- rm.1 30 Oct 2006 03:32:09 -0000 1.40
+++ rm.1 30 Oct 2006 09:32:44 -0000
@@ -88,7 +88,9 @@
Overwrite regular files before deleting them.
Files are overwritten three times, first with the byte pattern 0xff,
then 0x00, and then 0xff again, before they are deleted.
-Files with multiple links will not be overwritten.
+Files with multiple links will not be overwritten nor deleted unless
+.Fl f
+is specified.
.Pp
Specifying this flag for a read only file will cause
.Nm
Index: rm.c
===================================================================
RCS file: /home/ncvs/src/bin/rm/rm.c,v
retrieving revision 1.57
diff -u -r1.57 rm.c
--- rm.c 30 Oct 2006 03:32:09 -0000 1.57
+++ rm.c 30 Oct 2006 09:31:35 -0000
@@ -400,10 +400,10 @@
}
if (!S_ISREG(sbp->st_mode))
return (1);
- if (sbp->st_nlink > 1) {
+ if (sbp->st_nlink > 1 && !fflag) {
warnx("%s (inode %u): not overwritten due to multiple links",
file, sbp->st_ino);
- return (1);
+ return (0);
}
if ((fd = open(file, O_WRONLY, 0)) == -1)
goto err;

Attachment: signature.asc
Description: OpenPGP digital signature