[patch] rm can have undesired side-effects

perryh at pluto.rain.com
Mon Oct 30 02:14:49 UTC 2006


> ... deleted files are lost.

Not if another hard link exists!

I think a very strong case can be made that the *intent* of -P --
to prevent retrieval of the contents by reading the filesystem's
free space -- implies that it should affect only the "real" removal
of the file, when its blocks are released because the link count
has become zero.  At that point, we by definition are only wiping
out data which is eligible to be overwritten by any process that
happens to be allocating space on the same filesystem, and which
can no longer be read by "normal" filesystem operations, anyway.
In this interpretation, "rm -P" when the link count exceeds 1 is
an erroneous command.

I'd at least allow rm -P to wipe a file with a non-zero remaining
link count only under the same restrictions applied to files that
are not writable by the invoker of rm.
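
The stricter reading argued for above, as an added C example that is not part of the original post or of FreeBSD's rm: a hypothetical `wipe_and_unlink()` refuses to overwrite while `st_nlink` exceeds 1 and wipes only when the unlink will actually release the blocks. The function names, the single zero pass and the constructed temp files in `demo()` are assumptions for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not rm's code: overwrite and unlink `path` only when it
 * is the last link. 0 = wiped and removed, 1 = refused because other hard links
 * remain (file untouched), -1 = other error. One zero pass is a stand-in. */
int wipe_and_unlink(const char *path)
{
    static const char zeros[4096];
    struct stat sb;
    int rc = -1, fd = open(path, O_WRONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (fstat(fd, &sb) == 0 && S_ISREG(sb.st_mode)) { /* check the inode we hold open */
        rc = sb.st_nlink > 1;   /* 1: data still reachable by another name */
        for (off_t left = sb.st_size; rc == 0 && left > 0; ) {
            size_t n = left < (off_t)sizeof zeros ? (size_t)left : sizeof zeros;
            ssize_t w = write(fd, zeros, n);
            if (w <= 0) rc = -1; else left -= w;
        }
        if (rc == 0 && fsync(fd) != 0) rc = -1;
    }
    close(fd);
    if (rc == 0 && unlink(path) != 0) rc = -1;
    return rc;
}

/* Constructed scenario in a temp directory; returns 0 when the policy holds. */
int demo(void)
{
    char dir[] = "/tmp/rmP.XXXXXX", a[32], b[32], buf[7] = "";
    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/a", dir);
    snprintf(b, sizeof b, "%s/b", dir);
    int fd = open(a, O_CREAT | O_WRONLY, 0600);
    if (fd < 0 || write(fd, "secret", 6) != 6 || close(fd) != 0 || link(a, b) != 0)
        return -1;
    int refused = wipe_and_unlink(a);            /* two names: expect 1 */
    fd = open(b, O_RDONLY);
    int intact = fd >= 0 && read(fd, buf, 6) == 6 && strcmp(buf, "secret") == 0;
    if (fd >= 0) close(fd);
    unlink(b);                                   /* drop the second name */
    int wiped = wipe_and_unlink(a);              /* last link: expect 0 */
    int ok = refused == 1 && intact && wiped == 0 && access(a, F_OK) != 0;
    rmdir(dir);
    return ok ? 0 : 1;
}
```

The link count is read with `fstat()` on the open descriptor rather than by name, so the check and the overwrite refer to the same inode; a link created after the check is still not covered.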


More information about the freebsd-hackers mailing list