Protection from the dreaded "rm -fr /"
ceri at submonkey.net
Sat Oct 2 15:00:40 PDT 2004
On Sat, Oct 02, 2004 at 05:22:50PM -0400, Garance A Drosihn wrote:
> At 8:57 PM +0300 10/2/04, Giorgos Keramidas wrote:
> >On 2004-10-02 21:23, Lee Harr <missive at hotmail.com> wrote:
> > > > John Beck, who works for Sun, has posted an entry in his blog
> > > > yesterday about "rm -fr /" protection, which I liked a lot:
> > > >
> > > > http://blogs.sun.com/roller/page/jbeck/20041001#rm_rf_protection
> >> >
> > > > His idea was remarkably simple, so I went ahead and wrote this
> > > > patch for rm(1) of FreeBSD:
> > >
> >> How about:
> >> chflags sunlnk /
> >> ?
> >Setting sunlink on / will only protect the / directory, not its
> >descendants, so you don't gain much.
> We could add a new flag "srunlnk", or maybe even "srm-r". The "rm"
> command will always have to stat() the file it is given (just to
> see if it is a directory), so it could check to see if this flag
> is turned on. If it is turned on, then 'rm' could refuse to honor
> any '-rf' request on that directory.
I love the idea of this; it's the most elegant solution offered yet.
I'm also looking forward to the forthcoming bikeshed regarding exactly
what the flag should be called. ;-)
It is not tinfoil, it is my new skin. I am a robot.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20041002/39fab79a/attachment.bin
More information about the freebsd-hackers