Protection from the dreaded "rm -fr /"

Giorgos Keramidas keramida at freebsd.org
Sat Oct 2 01:51:48 PDT 2004


On 2004-10-02 10:34, Michael Reifenberger <mike at reifenberger.com> wrote:
> On Sat, 2 Oct 2004, Giorgos Keramidas wrote:
> >Date: Sat, 2 Oct 2004 11:19:28 +0300
> >From: Giorgos Keramidas <keramida at freebsd.org>
> >To: freebsd-hackers at freebsd.org
> >Subject: Protection from the dreaded "rm -fr /"
> >
> >John Beck, who works for Sun, posted an entry on his blog yesterday
> >about "rm -fr /" protection, which I liked a lot:
> >http://blogs.sun.com/roller/page/jbeck/20041001#rm_rf_protection
> >
> >His idea was remarkably simple, so I went ahead and wrote this patch for
> >rm(1) of FreeBSD:
>
> This only helps for the obvious case of '/' but not for the
> './' and '../' or '../../' ... accidents.

Hmm, indeed.  This can be fixed, but it might take a little thinking
about ways to implement it without adding too much overhead to the
way rm(1) works now.

> Furthermore, it prevents root from doing `rm -rf /`, which is a pretty
> legal operation for root since he knows what he is doing.
>
> This is UNIX, not Windows.

Yes, so?  Does it mean we should always point guns at our feet and hope
that we don't accidentally pull the trigger because some unlucky event
made us jump a bit up?

The reason I liked this idea is that root has zillions of other ways to
destroy an entire system, but not many of them are likely to be the
result of mistyping a single character as shown below:

	# rm -fr / home/someuser/*

A single extra space can really wreak havoc in this case.  If the real
intention of the superuser is to delete everything, he can repartition
his disk, he can dd if=/dev/zero of=/dev/ad0, he can do many things.

Adding protection that prevents foot-shooting is not something without
precedent in FreeBSD either:
http://www.freebsd.org/cgi/cvsweb.cgi/src/usr.sbin/boot0cfg/boot0cfg.c.diff?r1=1.13&r2=1.14

Having said that, if most people do like the change but there are others
who don't, I can always make it work as before with a double -f option.

- Giorgos
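One way to cover the './', '../' and '../../' cases that Michael raises, and to keep the double -f escape hatch Giorgos mentions, is to stop comparing operand strings and instead compare inodes: lstat(2) each operand and refuse it when it has the same st_dev/st_ino as "/". This is an added illustration, not the patch discussed in the thread and not FreeBSD's rm(1) code; the function names is_root_dir and check_operands, the sample operand list and the force-count convention are assumptions made for the example.

```c
#include <stdio.h>
#include <sys/stat.h>

/*
 * Return 1 if `path` names the root directory itself, 0 otherwise.
 * Resolution is done by the kernel through lstat(2), so "/", "//",
 * "/.", "/..", "./" run from "/", and "../../.." climbed past the
 * top all compare equal to "/" by device and inode number.  A symlink
 * pointing at "/" is reported as 0: rm -r on a symlink operand only
 * unlinks the link, it never recurses through it.  A path that cannot
 * be stat'ed is reported as 0 and left for rm's own error reporting.
 * Inside a chroot, "/" is the chroot's root, which is what we want.
 */
int is_root_dir(const char *path)
{
    struct stat root, target;

    if (stat("/", &root) != 0 || lstat(path, &target) != 0)
        return 0;
    if (!S_ISDIR(target.st_mode))
        return 0;
    return target.st_dev == root.st_dev && target.st_ino == root.st_ino;
}

/*
 * Scan the operands rm would delete.  Returns the index of the first
 * operand that resolves to "/", or -1 if all of them may proceed.
 * `force_count` is how many -f options were given; two or more
 * (i.e. "rm -ff") disables the check, matching the proposal that a
 * double -f restores the old behaviour for a superuser who means it.
 */
int check_operands(const char *operands[], int n, int force_count)
{
    int i;

    if (force_count >= 2)
        return -1;
    for (i = 0; i < n; i++)
        if (is_root_dir(operands[i]))
            return i;
    return -1;
}

/* Constructed sample: the mistyped command line from the message,
 * "rm -fr / home/someuser/*", as rm would see its operands. */
static const char *demo_operands[] = { "/", "home/someuser/file1" };

int main(void)
{
    int n = (int)(sizeof(demo_operands) / sizeof(demo_operands[0]));
    int bad = check_operands(demo_operands, n, 1);

    if (bad >= 0)
        printf("rm: refusing to remove \"%s\" (use -ff to override)\n",
               demo_operands[bad]);
    else
        printf("all operands accepted\n");
    return bad >= 0;
}
```

The cost is one lstat(2) per operand, which rm -r pays anyway before recursing, so the overhead Giorgos worries about is negligible; the check looks only at the top-level operands, not at every path visited during recursion.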
