Email List: Xaustin-review-lX

Re: Defect in XCU rm

To: yyyyyyyyy@xxxxxxx
Subject: Re: Defect in XCU rm
From: yyyyyyy@xxxxxxxx
Date: Tue, 11 Mar 2003 13:45:48 -0500 (EST)
Cc: yyyyyyyyyyyyyyy@xxxxxxxxxxxxx
On Tue, 11 Mar 2003 yyyyyyyyy@xxxxxxx wrote:

>       Defect report from: John Beck, Sun Microsystems
>
> (Please direct followup comments directly to yyyyyyyyyyyyyy@xxxxxxxxxxxxx)
>
> @ page 820 line 31681-31683 section rm comment {JTB-1}
>
> Problem:
>
> Defect code: 3. Clarification required
>
> An occasional user mistake, with devastating consequences, is to
> write a shell script with a line such as:
>       rm -rf $VARIABLE1/$VARIABLE2
> or
>       rm -rf /$VARIABLE1
> without verifying that either variable is set, which can lead to
>       rm -rf /
> being the resulting command.  Since there is no plausible
> circumstance under which this is the desired behavior, it seems
> reasonable to disallow this.  Such a safeguard would, however,
> violate the current specification.

OK, I agree that this can be an opportunity to make a serious mistake.
However, I would not be so quick to assume that there is no plausible
reason to delete everything under slash. I admit it is a stretch, but not
implausible. The stated purpose of rm is to delete files. The stated
purpose of -rf is to do so recursively and without question.

More to the point, perhaps, your example is one of a whole host of
possible user errors, including "rm -rf /usr/$SUBDIR" or "rm -rf
/$SUBDIR/*" which your proposal does not help with. Also, the
destruction is limited to what the process has permissions to delete. A
careful user has options to prevent such catastrophes, including error
checking, limitations on permissions and chroot prisons.

On the other hand, it could be said that the result of "rm -rf /" is
"undefined" even if the implementation *does* allow it, especially once rm
gets around to stomping on the system shared libraries ;).

I would not want a change like this without very careful consideration.

> Action:
>
> Either extend the exceptions for . and .. on the noted lines
> to list / as well, or specify that the behavior of rm if an
> operand resolves to / is undefined.

-- 
Eric Vought
Chief Technical Officer - QLUE Consulting, Inc.

yyyyyyy@xxxxxxxx toll-free: 888-771-3538  RTP area: 919-816-9901
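The "error checking" the reply mentions, worked through as an added example that is not part of the original thread: two script-side guards against the unset-variable mistake in the defect report, so a script does not depend on rm itself refusing "/". It assumes a POSIX shell; the function names resolves_to_root, safe_rm_rf and remove_subdir are invented for this example.

```shell
#!/bin/sh
# Added example (not from the thread): script-side defences against
#   rm -rf $VARIABLE1/$VARIABLE2
# expanding to "rm -rf /" when both variables are unset. POSIX sh assumed.

# Returns 0 (true) if an operand would name the root directory once trailing
# slashes are stripped, or is empty. "$A/$B" with both unset expands to "/",
# and "$A" alone expands to "".
resolves_to_root() {
    target=$1
    while [ -n "$target" ] && [ "${target%/}" != "$target" ]; do
        target=${target%/}          # "/", "//" and "///" all collapse to ""
    done
    [ -z "$target" ]
}

# Wrapper for "rm -rf": refuses with status 2 and removes nothing if any
# operand resolves to root; otherwise runs rm with "--" so an operand that
# starts with "-" cannot be read as an option.
safe_rm_rf() {
    for operand in "$@"; do
        if resolves_to_root "$operand"; then
            printf 'safe_rm_rf: refusing root operand "%s"\n' "$operand" >&2
            return 2
        fi
    done
    rm -rf -- "$@"
}

# Second defence: make the expansion itself fail. "${VAR:?msg}" makes a
# non-interactive shell exit with a diagnostic instead of expanding to ""
# when VAR is unset or empty. The subshell confines that exit to this
# function, so the caller just sees a non-zero status and rm never runs.
remove_subdir() {
    ( rm -rf -- "${1:?base directory not set}/${2:?subdirectory not set}" )
}
```

Neither guard helps with the "rm -rf /usr/$SUBDIR" case from the reply unless the script also uses "${SUBDIR:?}" there; the ":?" form is the one that covers every such expansion.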
