Jessica K. Litwin wrote:
> In root-dev-ino.h there is logic to prevent the user from doing
> (for example) 'rm -rf /' without --no-preserve-root. It doesn't
> prevent the user from doing 'rm -rf /*'.  I can't think of any
> reason why the two should be treated differently; I humbly
> suggest patching root-dev-ino.h so that rm balks if instructed
> to 'rm -rf /*' without --no-preserve-root. 

One reason they are treated differently is that the 'rm' command will
never see the "/*".  That is never an argument to 'rm'.  Instead the
command shell, typically bash, will expand "/*" to the matching file
glob of files.

  $ echo /*
  /bin /boot /dev /etc /home /lib /lib32 /lib64 /lost+found /media /mnt /mnt2 /mnt3 /opt /proc /root /run /sbin /srv /sys /tmp /usr /var

This means that from the perspective of the 'rm' command it is
impossible to tell if the user typed in "rm -rf /*" or not.  And so
for example if you were to have added logic to root-dev-ino.h as you
suggest to avoid "/*" then you would find that it never matches
because of the behavior that the shell expands "*" wildcards as file
globs before invoking the command.

Bob
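
The behaviour described in this message, as an added example that is not part of the original mail or of coreutils: a hypothetical helper `argv_report` stands in for 'rm' and reports the argv it actually received, run against a constructed temporary directory that plays the role of "/". It also shows the two cases where a literal "*" does reach the command (quoting, and `set -f`).

```shell
#!/bin/sh
# argv_report is a hypothetical stand-in for 'rm': it reports only what it
# received in argv. The sandbox is a constructed temp directory playing "/".

argv_report() {
    # Argument count, then the basename of each argument, '|'-separated.
    printf '%s' "$#"
    for a in "$@"; do printf '|%s' "${a##*/}"; done
    printf '\n'
}

make_sandbox() {
    d=$(mktemp -d) || return 1
    mkdir "$d/bin" "$d/etc" "$d/home"
    : > "$d/.hidden"    # a bare * does not match dotfiles
    printf '%s\n' "$d"
}

demo_unquoted() {       # the shell expands the glob before the command starts
    d=$(make_sandbox) || return 1
    argv_report "$d"/*
    rm -rf -- "$d"
}

demo_quoted() {         # quoting suppresses expansion: a literal * arrives
    d=$(make_sandbox) || return 1
    argv_report "$d/*"
    rm -rf -- "$d"
}

demo_noglob() {         # 'set -f' turns pathname expansion off in the shell
    d=$(make_sandbox) || return 1
    ( set -f; argv_report "$d"/* )
    rm -rf -- "$d"
}

echo "unquoted: $(demo_unquoted)"
echo "quoted:   $(demo_quoted)"
echo "noglob:   $(demo_noglob)"
```

In the unquoted case the command receives three separate path arguments and no trace of the pattern, and the dotfile is absent from the list because a bare `*` skips it.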
