aboutsummaryrefslogtreecommitdiff
path: root/bin/rm
Commit message (Collapse)AuthorAgeFilesLines
* fts_read: Handle error from a NULL return better.Bryan Drewery2020-12-081-1/+1
| | | | | | | | | | | | | | | | | | | | This is addressing cases such as fts_read(3) encountering an [EIO] from fchdir(2) when FTS_NOCHDIR is not set. That would otherwise be seen as a successful traversal in some of these cases while silently discarding expected work. As noted in r264201, fts_read() does not set errno to 0 on a successful EOF so it needs to be set before calling it. Otherwise we might see a random error from one of the iterations. gzip is ignoring most errors and could be improved separately. Reviewed by: vangyzen Sponsored by: Dell EMC Differential Revision: https://reviews.freebsd.org/D27184 Notes: svn path=/head/; revision=368467
* Remove include of stdint.h. It was added in r241014 for uintmax_t,Xin LI2020-04-231-1/+0
| | | | | | | | | which is gone in r340330 and is therefore no longer necessary. MFC after: 2 weeks Notes: svn path=/head/; revision=360213
* rm(1): Formalize non-functional status of -P flagConrad Meyer2018-11-102-137/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | -P was introduced in 4.4BSD-Lite2 around 1994. It overwrote file contents with a pass of 0xff, 0x00, then 0xff, in a low effort attempt to "really delete" files. It has no user-visible effect; at the end of the day, the file is unlinked via the filesystem. Furthermore, the utility of overwriting files with patterned data is extremely limited due to caveats at every layer of the stack[0] and therefore mostly futile. At the least, three passes is likely wasteful on modern hardware[1]. It could also be seen as a violation of the "Unix Philosophy" to do one thing per tiny, composable program. Since 1994, FreeBSD has left it alone; OpenBSD replaced it with a single pass of arc4random(3) output in 2012[2]; and NetBSD implemented partial, but explicitly incomplete support for U.S. DoD 5220.22-M, "National Industrial Security Program Operating Manual" in 2004[3]. NetBSD's enhanced comment above rm_overwrite makes a strong case for removing the flag entirely: > This is an expensive way to keep people from recovering files from your > non-snapshotted FFS filesystems using fsdb(8). Really. No more. > > It is impossible to actually conform to the exact procedure given in > [NISPOM] if one is overwriting a file, not an entire disk, because the > procedure requires examination and comparison of the disk's defect lists. > Any program that claims to securely erase *files* while conforming to the > standard, then, is not correct. > > Furthermore, the presence of track caches, disk and controller write > caches, and so forth make it extremely difficult to ensure that data have > actually been written to the disk, particularly when one tries to repeatedly > overwrite the same sectors in quick succession. We call fsync(), but > controllers with nonvolatile cache, as well as IDE disks that just plain lie > about the stable storage of data, will defeat this. > > [NISPOM] requires physical media destruction, rather than any technique of > the sort attempted here, for secret data. As a first step towards evental removal, make it a placebo. It's not like it was serving any security function. It is not defined in or mentioned by POSIX. If you are security conscious and need to erase your files, use a woodchipper. At a minimum, the entire disk needs to be overwritten, not just one file. [0]: https://www.ru.nl/publish/pages/909282/draft-paper.pdf [1]: https://commons.erau.edu/cgi/viewcontent.cgi?article=1131&context=jdfsl [2]: https://github.com/openbsd/src/commit/7c5c57ba81b5fe8ff2d4899ff643af18c [3]: https://github.com/NetBSD/src/commit/fdf0a7a25e59af958fca1e2159921562cd Reviewed by: markj, Daniel O'Connor <darius AT dons.net.au> (previous version) Differential Revision: https://reviews.freebsd.org/D17906 Notes: svn path=/head/; revision=340330
* Fix unlink(1) for files starting with -Ed Maste2018-09-126-9/+79
| | | | | | | | | | | | | | | | | | Restore the original behavior of unlink(1), passing the provided filename directly to unlink(2), handling the first argument being "--" correctly. This fixes "unlink -foo", broken in r97533. PR: 228448 Submitted by: Brennan Vincent <brennan@umanwizard.com> (original version) Submitted by: Yuri Pankov Reported by: Brennan Vincent <brennan@umanwizard.com> Reviewed by: emaste, kevans, vangyzen, 0mp Approved by: re (delphij) Differential Revision: https://reviews.freebsd.org/D17132 Notes: svn path=/head/; revision=338620
* General further adoption of SPDX licensing ID tags.Pedro F. Giffuni2017-11-201-0/+2
| | | | | | | | | | | | | | | | | Mainly focus on files that use BSD 3-Clause license. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts. Special thanks to Wind River for providing access to "The Duke of Highlander" tool: an older (2014) run over FreeBSD tree was useful as a starting point. Notes: svn path=/head/; revision=326025
* Fix cosmetic nit when printing out "override $mode" and "$owner/$group ..."Enji Cooper2017-11-051-1/+1
| | | | | | | | | | | | The wrong index was being checked for == ' ' in the resulting stringified mode from strmode(3) -- it should have been the 11th value, not the 10th. MFC after: 3 days PR: 76711 Submitted by: Vasil Dimov <vd@datamax.bg> Notes: svn path=/head/; revision=325450
* DIRDEPS_BUILD: Update dependencies.Bryan Drewery2017-10-311-1/+0
| | | | | | | Sponsored by: Dell EMC Isilon Notes: svn path=/head/; revision=325188
* Renumber copyright clause 4Warner Losh2017-02-282-2/+2
| | | | | | | | | | | | Renumber cluase 4 to 3, per what everybody else did when BSD granted them permission to remove clause 3. My insistance on keeping the same numbering for legal reasons is too pedantic, so give up on that point. Submitted by: Jan Schaumann <jschauma@stevens.edu> Pull Request: https://github.com/freebsd/freebsd/pull/96 Notes: svn path=/head/; revision=314436
* Explicitly add unmarked bin/ binaries to the runtime package.Glen Barber2016-02-091-0/+1
| | | | | | | | | | | Note: tcsh(1) has a MK_TCSH=no test, so this should be a separate package, which requires pre-install/post-install scripts, to be added later. Sponsored by: The FreeBSD Foundation Notes: svn path=/projects/release-pkg/; revision=295439
* Protecting against rm -rf / is now POSIXLY_CORRECT per posix 1003.1Baptiste Daroussin2015-11-072-4/+3
| | | | | | | | | | | | edition 2013. No need anymore to disable the protection if one set the POXILY_CORRECT environment variable. Reviewed by: imp MFC after: 3 days Differential Revision: https://reviews.freebsd.org/D4092 Notes: svn path=/head/; revision=290480
* Respect locale settings.Xin LI2015-08-281-0/+3
| | | | | | | MFC after: 2 weeks Notes: svn path=/head/; revision=287237
* Add META_MODE support.Simon J. Gerraty2015-06-131-0/+18
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | Off by default, build behaves normally. WITH_META_MODE we get auto objdir creation, the ability to start build from anywhere in the tree. Still need to add real targets under targets/ to build packages. Differential Revision: D2796 Reviewed by: brooks imp Notes: svn path=/head/; revision=284345
| * dirdeps.mk now sets DEP_RELDIRSimon J. Gerraty2015-06-081-2/+0
| | | | | | | | Notes: svn path=/projects/bmake/; revision=284172
| * Merge head from 7/28Simon J. Gerraty2014-08-192-2/+1
| |\ | |/ |/| | | Notes: svn path=/projects/bmake/; revision=270164
| * Updated dependenciesSimon J. Gerraty2014-05-161-1/+0
| | | | | | | | Notes: svn path=/projects/bmake/; revision=266219
| * Updated dependenciesSimon J. Gerraty2014-05-101-0/+2
| | | | | | | | Notes: svn path=/projects/bmake/; revision=265802
| * Merge from headSimon J. Gerraty2013-09-052-25/+32
| |\ | | | | | | | | | Notes: svn path=/projects/bmake/; revision=255263
| * \ sync from headSimon J. Gerraty2013-04-121-1/+14
| |\ \ | | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=249429
| * | | Updated dependenciesSimon J. Gerraty2013-03-111-0/+1
| | | | | | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=248169
| * | | Updated dependenciesSimon J. Gerraty2013-02-161-2/+0
| | | | | | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=246868
| * | | Sync from headSimon J. Gerraty2012-11-041-6/+20
| |\ \ \ | | | | | | | | | | | | | | | Notes: svn path=/projects/bmake/; revision=242545
| * | | | Sync FreeBSD's bmake branch with Juniper's internal bmake branch.Marcel Moolenaar2012-08-221-0/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Requested by: Simon Gerraty <sjg@juniper.net> Notes: svn path=/projects/bmake/; revision=239572
* | | | | rm -rf can fail sometimes with an error from fts_read. Make it honorWarner Losh2014-07-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | fflag to ignore fts_read errors, but stop deleting from that directory because no further progress can be made. When building a kernel with a high -j value on a high core count machine, during the cleanobj phase we can wind up doing multiple rm -rf at the same time for modules that have subdirectories. This exposed this race (sometimes) as fts_read can return an error if the directory is removed by another rm -rf. Since the intent of the -f flag was to ignore errors, even if this was a bug in fts_read, we should ignore the error like we've been instructed to do. Notes: svn path=/head/; revision=268376
* | | | | mdoc: remove superfluous paragraph macros.Joel Dahl2014-06-151-1/+0
| |_|_|/ |/| | | | | | | | | | | Notes: svn path=/head/; revision=267505
* | | | Add two more 'static' qualifiersEitan Adler2013-04-261-2/+2
| | | | | | | | | | | | | | | | Notes: svn path=/head/; revision=249950
* | | | Take some improvements from DragonFlyBSD:Eitan Adler2013-04-261-17/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - add const where appropriate - add static where appropriate - fix a whitespace issues Reviewed by: brooks Obtained from: DragonFlyBSD MFC After: 1 week Notes: svn path=/head/; revision=249949
* | | | Add -x option to avoid crossing mount points when removing a hierarchy.Eitan Adler2013-04-262-6/+13
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | Discussed on: -hackers Inspired by: DragonflyBSD MFC After: 1 week Notes: svn path=/head/; revision=249948
* | | Add a few examples.Joel Dahl2013-03-151-1/+14
| |/ |/| | | | | | | | | | | Obtained from: OpenBSD Notes: svn path=/head/; revision=248342
* | Fix bin/ build with a 64-bit ino_t.Matthew D Fleming2012-09-271-2/+3
| | | | | | | | | | | | | | Original code by: Gleb Kurtsou Notes: svn path=/head/; revision=241014
* | Polish previous revision: if the fts_* routines have lstat()'ed theXin LI2012-06-201-2/+8
| | | | | | | | | | | | | | | | | | | | | | | | directory entry then use the struct stat from that instead of doing it again, and skip the rm_overwrite() call if fts_read() indicated that the entry couldn't be a regular file. Obtained from: OpenBSD MFC after: 1 week Notes: svn path=/head/; revision=237339
* | Fix potential symlink race condition in "rm -P" by adding a checkKevin Lo2012-06-201-2/+9
|/ | | | | | | | | | that the file we have opened is the one we expected. Also open in non-blocking mode to avoid a potential hang with FIFOs. Obtained from: NetBSD via OpenBSD Notes: svn path=/head/; revision=237284
* Put some static keywords in the source code.Ed Schouten2011-10-311-4/+4
| | | | | | | | | For these simple utilities, it doesn't harm to make all global variables static. In fact, this allows the compiler to perform better forms of optimisation and analysis. Notes: svn path=/head/; revision=226961
* bin: Prefer strrchr() to rindex().Jilles Tjoelker2011-03-151-1/+1
| | | | | | | This removes the last index/rindex usage from /bin. Notes: svn path=/head/; revision=219680
* Fix typo and grammar nitUlrich Spörlein2010-10-311-2/+2
| | | | | | | | Submitted by: arundel MFC after: 7 days (or when the bikeshed has abated) Notes: svn path=/head/; revision=214604
* Elaborate some more on the non-security implications of using -PUlrich Spörlein2010-10-311-6/+15
| | | | | | | | Submitted by: delphij Discussion at: svn-src-all Notes: svn path=/head/; revision=214596
* Language cleanup.Dag-Erling Smørgrav2010-10-271-3/+3
| | | | Notes: svn path=/head/; revision=214431
* rm(1): clarify that -P works only when blocks are updated in-placeUlrich Spörlein2010-10-082-6/+6
| | | | | | | Suggested by: pjd, ivoras, arundel Notes: svn path=/head/; revision=213582
* Clarify the combination effect of -P and -f to make it clear.Xin LI2010-10-041-3/+7
| | | | | | | | Submitted by: arundel MFC after: 2 weeks Notes: svn path=/head/; revision=213398
* rm, find -delete: fix removing symlinks with uchg/uappnd set.Jilles Tjoelker2009-05-301-3/+3
| | | | | | | | | | | | | | | Formerly, this tried to clear the flags on the symlink's target instead of the symlink itself. As before, this only happens for root or for the unlink(1) variant of rm. PR: bin/111226 (part of) Submitted by: Martin Kammerhofer Approved by: ed (mentor) MFC after: 3 weeks Notes: svn path=/head/; revision=193087
* Implement ^T support for rm: now it will report the next file itWarner Losh2009-04-291-0/+29
| | | | | | | | | removes when you hit ^T. This is similar to what's done for cp. The signal handler and type definitions for "info" were borrowed directly from cp. Notes: svn path=/head/; revision=191670
* Give a hint to the reader as to what the "whiteout" actually means.Ruslan Ermilov2006-12-261-2/+3
| | | | Notes: svn path=/head/; revision=165555
* Fix markup, add the EXIT STATUS section.Ruslan Ermilov2006-12-261-7/+12
| | | | Notes: svn path=/head/; revision=165554
* Correct a security issue introduced in previous commit:Xin LI2006-10-312-3/+11
| | | | | | | | | | | | | | | | | | | | | | | instead of removing the file and issue a warning about the removal, do not do any operation at all in case -P is specified when the dinode has hard links. With -f and -P specified together, we assume that the user wants rm to overwrite the contents of the file and remove it (destroy the contents of file but leave its hard links as is). The reason of doing it this way is that, in case where a hard link is created by a malicious user (currently this is permitted even if the user has no access to the file). Losing the link can potentially mean that the actual owner would lose control completely to the user who wants to obtain access in a future day. Discussed with: Peter Jermey Notes: svn path=/head/; revision=163812
* Be more reasonable when overwrite mode is specified while thereXin LI2006-10-302-1/+8
| | | | | | | | | | | | is hard links. Overwritting when links > 1 would cause data loss, which is usually undesired. Inspired by: discussion on -hackers@ Suggested by: elessar at bsdforen de Obtained from: OpenBSD Notes: svn path=/head/; revision=163777
* o Backout rev. 1.55. Don't waste cpu cycles for bzero(), do notMaxim Konovalov2006-10-181-2/+1
| | | | | | | | | call chflags() for whiteouted files. Prodded by: ru Notes: svn path=/head/; revision=163485
* o Zero out struct stat before usage. lstat(2) can fail andMaxim Konovalov2006-10-181-0/+1
| | | | | | | | | | | leave garbage there which will break -W code path. PR: bin/84569 Submitted by: Igor MFC after: 2 weeks Notes: svn path=/head/; revision=163476
* o Be pedantic and do fts_close() when done.Maxim Konovalov2006-04-151-0/+1
| | | | | | | | | PR: bin/95292 Submitted by: Charles Hardin Obtained from: NetBSD via OpenBSD, PR Notes: svn path=/head/; revision=157770
* -mdoc sweep.Ruslan Ermilov2005-11-171-1/+1
| | | | Notes: svn path=/head/; revision=152547
* Give .Dd a tummy rub, forgotten on my last commit.Doug Barton2005-09-301-1/+1
| | | | Notes: svn path=/head/; revision=150742
* Handle the case where the -P flag is specified for a read-only fileDoug Barton2005-09-292-4/+9
| | | | | | | | | | | | | | | | | earlier, and more gracefully. Previously, this combination would be ignored early in the code where permissions are tested and fail later with a very unhelpful "permission denied" error. Instead, test for this flag in the same block that generates the "override?" messages for read-only files, but instead of trying to guess what the user has in mind, generate an error and exit. Update the man page to reflect this new behavior. Not objected to by: freebsd-hackers@ Notes: svn path=/head/; revision=150729
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-24 22:02:43 +0000