Protection from the dreaded "rm -fr /"

Greg Black gjb at gbch.net
Sat Oct 2 03:57:20 PDT 2004


On 2004-10-02, Giorgos Keramidas wrote:

> I liked what Max Laier proposed though, about making this tunable and
> defaulting to off.  See below for the behavior of what I've come up with:
> 
> On 2004-10-02 11:23, Max Laier <max at love2party.net> wrote:
> > [ Sorry to be so negative ... ]
> >
> > At very least you should consider to error out silently as POSIX
> > requires "-f" to be silent. Other than that you should really look
> > into the standards and what they say about rm and friends.
> 
> Agreed.  Thanks for the feedback.  Positive replies are not the only
> sort that are worth a lot :-)

Interesting -- if POSIX requires -f to be silent, we have quite
a bit of work to do, as our rm is not silent in several cases of
failure.  And, while checking this, it would be good to see what
the standards say about exit values -- some errors are silent
and return 0; others are noisy and return 1; there may be other
possibilities, but I haven't checked exhaustively.

As for protecting against "rm -rf / foo" as a typo for "rm -rf
/foo", I don't mind if we offer protection against that; but I
see no reason at all to "protect" root from "rm -rf /".  It's
fair to say that somebody who types that means it, and it's fair
to go as far as we can in satisfying it.

In any case, the new behaviour should only kick in if some
environment variable is set and should not require doubled -f
options.  We all know how rm works and it's not broken.

Greg
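
The opt-in check argued for in the message above, as an added example that is not code from the thread or from FreeBSD's rm. The variable name RM_PROTECT_ROOT and the function names rm_root_guard and guarded_rm are assumptions made for illustration; only all-slash spellings of the root directory ("/", "//") are recognised.

```shell
# Hypothetical guard: refuses a recursive rm only when "/" appears next to
# other operands (the "rm -rf / foo" typo). A lone "rm -rf /" is let through,
# and nothing changes unless RM_PROTECT_ROOT (assumed name) is set.
rm_root_guard() {
    # Off by default: behave exactly like plain rm.
    [ -n "${RM_PROTECT_ROOT:-}" ] || return 0
    recursive=0; others=0; root=0; opts_done=0
    for arg in "$@"; do
        if [ "$opts_done" -eq 0 ]; then
            case $arg in
                --) opts_done=1; continue ;;
                -?*)
                    # Option cluster such as -rf or -R; a single -f is enough.
                    case $arg in *[rR]*) recursive=1 ;; esac
                    continue ;;
            esac
            # First operand ends option parsing, as getopt does.
            opts_done=1
        fi
        case $arg in
            *[!/]*|'') others=$((others + 1)) ;;   # any ordinary operand
            *) root=1 ;;                           # only slashes: the root
        esac
    done
    if [ "$recursive" -eq 1 ] && [ "$root" -eq 1 ] && [ "$others" -gt 0 ]; then
        return 1   # silent refusal, no diagnostic written
    fi
    return 0
}

# Hypothetical wrapper: run the real rm only when the guard allows it.
guarded_rm() {
    rm_root_guard "$@" || return 1
    command rm "$@"
}
```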

