svn commit: r214596 - head/bin/rm

Ulrich Spoerlein uqs at FreeBSD.org
Sun Oct 31 09:21:28 UTC 2010


Author: uqs
Date: Sun Oct 31 09:21:27 2010
New Revision: 214596
URL: http://svn.freebsd.org/changeset/base/214596

Log:
  Elaborate some more on the non-security implications of using -P
  
  Submitted by:	delphij
  Discussion at:	svn-src-all

Modified:
  head/bin/rm/rm.1

Modified: head/bin/rm/rm.1
==============================================================================
--- head/bin/rm/rm.1	Sun Oct 31 09:05:04 2010	(r214595)
+++ head/bin/rm/rm.1	Sun Oct 31 09:21:27 2010	(r214596)
@@ -32,7 +32,7 @@
 .\"	@(#)rm.1	8.5 (Berkeley) 12/5/94
 .\" $FreeBSD$
 .\"
-.Dd October 8, 2010
+.Dd October 31, 2010
 .Dt RM 1
 .Os
 .Sh NAME
@@ -100,6 +100,11 @@ Specifying this flag for a read only fil
 .Nm
 to generate an error message and exit.
 The file will not be removed or overwritten.
+.Pp
+N.B.: The
+.Fl P
+flag is not considered a security feature
+.Pq see Sx BUGS .
 .It Fl R
 Attempt to remove the file hierarchy rooted in each
 .Ar file
@@ -229,8 +234,12 @@ command appeared in
 .Sh BUGS
 The
 .Fl P
-option assumes that the underlying file system updates existing blocks
-in-place and does not store new data in a new location.
-This is true for UFS, but not for ZFS or other file systems which use
-copy-on-write semantics.
-In addition, only regular files are overwritten.
+option assumes that the underlying storage overwrites file block
+when data is written to an existing offset.
+Several factors including the file system and its backing store could defeat
+this assumption.
+This includes, but is not limited to file systems that use a
+Copy-On-Write strategy (e.g. ZFS or UFS when snapshots are being used), Flash
+media that is using a wear leveling algorithm, or when the backing datastore
+does journaling, etc.
+In addition, only regular files are overwritten, other types of files are not.


More information about the svn-src-all mailing list