[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#24604: Add '--no-preserve-roots' flag to 'rm' for better safety
From: |
Pádraig Brady |
Subject: |
bug#24604: Add '--no-preserve-roots' flag to 'rm' for better safety |
Date: |
Tue, 4 Oct 2016 12:38:51 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 |
On 04/10/16 03:21, Mohammed Sadiq wrote:
> '--no-preserve-root' that can be used to ignore if the path is root when using
> the 'rm' command.
>
> But as the most of the GNU commands accepts shortened flag as long as
> there is no ambiguity, this can be an issue too. So, 'rm --n' may have the
> same effect as 'rm --no-preserve-root'. There may be several users unaware
> of this feature which can cause several issues.
>
> 1. A cracker may be able to trick a user to bring a system down using
> '--n' flag.
> 2. A folder/file name like '--n' as an argument to 'rm' command may
> try to delete
> the whole files (in case a '/' too appears as an argument), and
> the user won't
> find a reason why it happened.
>
> One way to overcome this is set '--no-preserve-roots' too an alias for
> '--no-preserve-root'. This means that the user will have include the whole
> flag
> to ignore root check (shortening will create an ambiguity).
An interesting idea.
The main focus of the --no-preserve-root option is to protect against
accidental insertion of a space with `rm -rf blah /` or `rm -rf $blah/`.
With malicious arguments though one can obfuscate using shell quoting,
and the recent ls quoting changes are more general protection against that.
In saying that I don't see any issue with this, and there is a slight
increase in protection, so I'd be 60:40 for making this change.
cheers,
Pádraig.