This is addressing cases such as fts_read(3) encountering an [EIO]
from fchdir(2) when FTS_NOCHDIR is not set. That would otherwise be
seen as a successful traversal in some of these cases while silently
discarding expected work.
As noted in r264201, fts_read() does not set errno to 0 on a successful
EOF so it needs to be set before calling it. Otherwise we might see
a random error from one of the iterations.
gzip is ignoring most errors and could be improved separately.
Reviewed by: vangyzen
Sponsored by: Dell EMC
Differential Revision: https://reviews.freebsd.org/D27184
Notes:
svn path=/head/; revision=368467
which is gone in r340330 and is therefore no longer necessary.
MFC after: 2 weeks
Notes:
svn path=/head/; revision=360213
-P was introduced in 4.4BSD-Lite2 around 1994. It overwrote file contents
with a pass of 0xff, 0x00, then 0xff, in a low effort attempt to "really
delete" files.
It has no user-visible effect; at the end of the day, the file is unlinked via
the filesystem. Furthermore, the utility of overwriting files with patterned
data is extremely limited due to caveats at every layer of the stack[0] and
therefore mostly futile. At the least, three passes is likely wasteful on
modern hardware[1]. It could also be seen as a violation of the "Unix
Philosophy" to do one thing per tiny, composable program.
Since 1994, FreeBSD has left it alone; OpenBSD replaced it with a single
pass of arc4random(3) output in 2012[2]; and NetBSD implemented partial, but
explicitly incomplete support for U.S. DoD 5220.22-M, "National Industrial
Security Program Operating Manual" in 2004[3].
NetBSD's enhanced comment above rm_overwrite makes a strong case for removing
the flag entirely:
> This is an expensive way to keep people from recovering files from your
> non-snapshotted FFS filesystems using fsdb(8). Really. No more.
>
> It is impossible to actually conform to the exact procedure given in
> [NISPOM] if one is overwriting a file, not an entire disk, because the
> procedure requires examination and comparison of the disk's defect lists.
> Any program that claims to securely erase *files* while conforming to the
> standard, then, is not correct.
>
> Furthermore, the presence of track caches, disk and controller write
> caches, and so forth make it extremely difficult to ensure that data have
> actually been written to the disk, particularly when one tries to repeatedly
> overwrite the same sectors in quick succession. We call fsync(), but
> controllers with nonvolatile cache, as well as IDE disks that just plain lie
> about the stable storage of data, will defeat this.
>
> [NISPOM] requires physical media destruction, rather than any technique of
> the sort attempted here, for secret data.
As a first step towards eventual removal, make it a placebo. It's not like
it was serving any security function. It is not defined in or mentioned by
POSIX.
If you are security conscious and need to erase your files, use a
woodchipper. At a minimum, the entire disk needs to be overwritten, not
just one file.
[0]: https://www.ru.nl/publish/pages/909282/draft-paper.pdf
[1]: https://commons.erau.edu/cgi/viewcontent.cgi?article=1131&context=jdfsl
[2]: https://github.com/openbsd/src/commit/7c5c57ba81b5fe8ff2d4899ff643af18c
[3]: https://github.com/NetBSD/src/commit/fdf0a7a25e59af958fca1e2159921562cd
Reviewed by: markj, Daniel O'Connor <darius AT dons.net.au> (previous version)
Differential Revision: https://reviews.freebsd.org/D17906
Notes:
svn path=/head/; revision=340330
Restore the original behavior of unlink(1), passing the provided filename
directly to unlink(2), handling the first argument being "--" correctly.
This fixes "unlink -foo", broken in r97533.
PR: 228448
Submitted by: Brennan Vincent <brennan@umanwizard.com> (original version)
Submitted by: Yuri Pankov
Reported by: Brennan Vincent <brennan@umanwizard.com>
Reviewed by: emaste, kevans, vangyzen, 0mp
Approved by: re (delphij)
Differential Revision: https://reviews.freebsd.org/D17132
Notes:
svn path=/head/; revision=338620
Mainly focus on files that use BSD 3-Clause license.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
open source licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
supersede or replace the license texts.
Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
Notes:
svn path=/head/; revision=326025
The wrong index was being checked for == ' ' in the resulting stringified
mode from strmode(3) -- it should have been the 11th value, not the 10th.
MFC after: 3 days
PR: 76711
Submitted by: Vasil Dimov <vd@datamax.bg>
Notes:
svn path=/head/; revision=325450
Renumber clause 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistence on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.
Submitted by: Jan Schaumann <jschauma@stevens.edu>
Pull Request: https://github.com/freebsd/freebsd/pull/96
Notes:
svn path=/head/; revision=314436
edition 2013. No need anymore to disable the protection if one sets
the POSIXLY_CORRECT environment variable.
Reviewed by: imp
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D4092
Notes:
svn path=/head/; revision=290480
MFC after: 2 weeks
Notes:
svn path=/head/; revision=287237
fflag to ignore fts_read errors, but stop deleting from that directory
because no further progress can be made.
When building a kernel with a high -j value on a high core count
machine, during the cleanobj phase we can wind up doing multiple rm
-rf at the same time for modules that have subdirectories. This
exposed this race (sometimes) as fts_read can return an error if the
directory is removed by another rm -rf. Since the intent of the -f
flag was to ignore errors, even if this was a bug in fts_read, we
should ignore the error like we've been instructed to do.
Notes:
svn path=/head/; revision=268376
Notes:
svn path=/head/; revision=249950
- add const where appropriate
- add static where appropriate
- fix whitespace issues
Reviewed by: brooks
Obtained from: DragonFlyBSD
MFC After: 1 week
Notes:
svn path=/head/; revision=249949
Discussed on: -hackers
Inspired by: DragonflyBSD
MFC After: 1 week
Notes:
svn path=/head/; revision=249948
Original code by: Gleb Kurtsou
Notes:
svn path=/head/; revision=241014
directory entry then use the struct stat from that instead of doing
it again, and skip the rm_overwrite() call if fts_read() indicated
that the entry couldn't be a regular file.
Obtained from: OpenBSD
MFC after: 1 week
Notes:
svn path=/head/; revision=237339
that the file we have opened is the one we expected. Also open in
non-blocking mode to avoid a potential hang with FIFOs.
Obtained from: NetBSD via OpenBSD
Notes:
svn path=/head/; revision=237284
For these simple utilities, it doesn't harm to make all global variables
static. In fact, this allows the compiler to perform better forms of
optimisation and analysis.
Notes:
svn path=/head/; revision=226961
This removes the last index/rindex usage from /bin.
Notes:
svn path=/head/; revision=219680
Suggested by: pjd, ivoras, arundel
Notes:
svn path=/head/; revision=213582
Formerly, this tried to clear the flags on the symlink's target
instead of the symlink itself.
As before, this only happens for root or for the unlink(1) variant of rm.
PR: bin/111226 (part of)
Submitted by: Martin Kammerhofer
Approved by: ed (mentor)
MFC after: 3 weeks
Notes:
svn path=/head/; revision=193087
removes when you hit ^T. This is similar to what's done for cp. The
signal handler and type definitions for "info" were borrowed directly
from cp.
Notes:
svn path=/head/; revision=191670
instead of removing the file and issue a warning about
the removal, do not do any operation at all in case -P
is specified when the dinode has hard links.
With -f and -P specified together, we assume that the
user wants rm to overwrite the contents of the file
and remove it (destroy the contents of file but leave
its hard links as is).
The reason of doing it this way is that, in case where
a hard link is created by a malicious user (currently
this is permitted even if the user has no access to the
file). Losing the link can potentially mean that the
actual owner would lose control completely to the user
who wants to obtain access in a future day.
Discussed with: Peter Jermey
Notes:
svn path=/head/; revision=163812
is hard links. Overwriting when links > 1 would cause data
loss, which is usually undesired.
Inspired by: discussion on -hackers@
Suggested by: elessar at bsdforen de
Obtained from: OpenBSD
Notes:
svn path=/head/; revision=163777
call chflags() for whiteouted files.
Prodded by: ru
Notes:
svn path=/head/; revision=163485
leave garbage there which will break -W code path.
PR: bin/84569
Submitted by: Igor
MFC after: 2 weeks
Notes:
svn path=/head/; revision=163476
PR: bin/95292
Submitted by: Charles Hardin
Obtained from: NetBSD via OpenBSD, PR
Notes:
svn path=/head/; revision=157770
earlier, and more gracefully. Previously, this combination would be
ignored early in the code where permissions are tested and fail later
with a very unhelpful "permission denied" error.
Instead, test for this flag in the same block that generates the
"override?" messages for read-only files, but instead of trying
to guess what the user has in mind, generate an error and exit.
Update the man page to reflect this new behavior.
Not objected to by: freebsd-hackers@
Notes:
svn path=/head/; revision=150729
Notes:
svn path=/head/; revision=137639
removing directories or if more than 3 files are listed in the
command line.
This feature is intended to provide a safety net without being too
annoying, like having "rm -i" for every delete operation, and
is generally good for both newbies and power users, preventing
them from so easily running into ``rm -rf /'', ``rm -rf *''
and so forth.
Originally implemented by Matthew Dillon for DragonFly, plus
some improvements done by various DragonFly contributors.
Approved by: murray (mentor; the original dillon's version)
Discussed with: des
Obtained from: DragonFly's bin/rm/
rm.c rev. 1.4 - 1.8
rm.1 rev. 1.3 - 1.4
MFC After: 1 month
Notes:
svn path=/head/; revision=137009
occurrences of "/" in the argument list. This corresponds to Enhancement
Request Number 5 in the Austin Group TC2 Aardvark's XCU Defects Report
(<URL:http://www.opengroup.org/austin/aardvark/finaltext/xcubug.txt>).
Further discussion is available in the Austin Group mailing list archives
(<URL:http://www.opengroup.org/austin/mailarchives/>, "Defect in XCU rm")
and for Austin Group members, in the Austin Group Interpretations archive
(<URL:http://www.opengroup.org/austin/interps/>, AI-019)
This commit makes that check conditional on !POSIXLY_CORRECT, since it
is not strictly correct according to the current version of the standard
(but is expected to be correct according to the next version, and has
already been adopted by Solaris).
Notes:
svn path=/head/; revision=136124
Notes:
svn path=/head/; revision=136113
Notes:
svn path=/head/; revision=136112
OK'ed by: imp, core
Notes:
svn path=/head/; revision=127958
o When fts_read() cannot stat the file, it can't be unlinked. In
that case, don't display an error message when the -f flag is used.
Obtained from: bde
PR: kern/16815, bin/35842
Reported by: kuriyama, Aleksandr A. Babaylov <.@babolo.ru>
Notes:
svn path=/head/; revision=124041
do only unlink the file if we could indeed overwrite the file.
Old behaviour: rm -P /tmp/foo (foo mode 0444) would NOT overwrite foo,
but still delete it (with a warning: rm: foo: Permission denied)
New behaviour: Just the EPERM warning, but no deletion
Reviewed by: bde
Notes:
svn path=/head/; revision=122409
rm_overwrite() (for rm -P).
2. Print the file name in the error message for (fatal) malloc() failures
in rm_overwrite(). I first thought that malloc() failures should be
non-fatal since they don't prevent proceeding to the next file, but
making them non-fatal would normally give too much output for rm -Pr
on a large tree in the unlikely event that even one occurs, since the
malloc()ed amounts are usually the same. Just print the file name since
the malloc()ed amounts are not always the same and it doesn't hurt to
know where rm was when it quit.
Submitted by: guido ((1) and original version of (2))
Notes:
svn path=/head/; revision=122304
Notes:
svn path=/head/; revision=114433
Notes:
svn path=/head/; revision=102230
before I made unlink use getopt().
Notes:
svn path=/head/; revision=99858
happy about it any more so change the usage to make buildworld work again.
Notes:
svn path=/head/; revision=99744
Notes:
svn path=/head/; revision=99110
Notes:
svn path=/head/; revision=97533
Reviewed by: brian
Notes:
svn path=/head/; revision=96702
Move group_from_gid to grp.h
Remove from stdlib.h
Make the prototypes match the code
Fix rm and mv to include new files.
NetBSD has these defined in those files, and others too that I've not
done.
Approved by: terminal room kabal
Reviewed by: jhb, phk
Notes:
svn path=/head/; revision=90644
o Old-style K&R declarations have been converted to new C89 style
o register has been removed
o prototype for main() has been removed (gcc3 makes it an error)
o int main(int argc, char *argv[]) is the preferred main definition.
o Attempt to not break style(9) conformance for declarations more than
they already are.
Notes:
svn path=/head/; revision=90110
(which somehow now seems to be the default for compiling -current).
This error popped up while doing a PicoBSD cross-compile on a 4.3-ish system,
it may well be that there are other apps which have similar problems,
but I did not spot them as they are not included in my picobsd config.
Whether adding prototypes for main() is the correct solution or not
I have no idea, a request to -current on the matter went basically
unanswered. Those who have better ideas are welcome to back this out
and replace it with the correct fix.
Notes:
svn path=/head/; revision=87893
Notes:
svn path=/head/; revision=78170
|
|
| |
Submitted by: Peter Pentchev <roam@orbitel.bg>
Notes:
svn path=/head/; revision=70219
Notes:
svn path=/head/; revision=61749
Notes:
svn path=/head/; revision=59863