DragonFly kernel List (threaded) for 2003-09
Re: cache_lookup() work this week.
On Thu, 4 Sep 2003, Matthew Dillon wrote:
> :Consider also:
> : cd /a/b/c/d ; ln /a/outside
> :Time passes, and someone else types:
> : cd /a/b/c ; rm -Rf *
> :The person will think that they are just safely removing the
> :directory and everything below it, but now they could be
> :removing much more than that. We'd have to do something to
> :guard against that problem too. (and these hard links could
> :be created by users with nefarious purposes in mind, so the
> :person doing the 'rm' would have no reason to suspect that
> :this would be an issue).
> This is a good one, and easy to solve... rm would just unlink() or
> rmdir() the directory first, whether it is empty or not. If the unlink
> succeeds then rm considers its work done.
> The last instance of the directory would not be unlinkable... rm -rf
> would have to recurse through and delete the underlying files first.
mkdir -p /a/b/c/d/e
ln /a/b/c /a/b/c/d/e/f
rm -r /a/b
. ..leaves an unreachable cycle.
There are advantages in having a DAG for directory trees. I'm still
trying to figure out what good permitting cycles does.
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 http://ioctl.org/jan/
New Freedom of Information Act: theirs, to yours. Happy now?