On 11/22/2013 06:30 PM, Pádraig Brady wrote:
>> +
>> +# Pull rm(1) the teeth by intercepting the unlinkat() system call via the
> 
> s/the// ?

Pull the teeth from rm(1) by...

> 
> So the real case where this could not be handled (and what might
> actually catch users out) is when various synonyms of '/' are specified.
> i.e. // //. /./ /bin/..
> It would be good to have tests for those.

Careful on the // case, for systems like cygwin where // is a distinct
root from / (it has a separate inode, but should likewise be forbidden
to recursively delete from // - hmm, I don't know that I've ever been
brave enough to actually test whether --preserve-root preserves // on
cygwin).

Also, if a user does 'ln -s / root' and does 'rm -r root/.'
(technically, this should also be done for 'rm -r root/', but Linux
doesn't obey POSIX with regards to 'rm symlink-to-dir/').

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org