Date: Tue, 19 Nov 2013 03:56:59 -0800
From: Linda Walsh
To: bug-coreutils@gnu.org
Subject: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

Since there is already an unlink command that corresponds to unlinking a file,
but there seems to be no command corresponding to the POSIX
remove command, it seems upgrading 'rm' to use the 'remove'
POSIX call would be a beneficial move of all the recent POSIX
changes.

So how about upgrading 'rm' to use the remove function so
it would work on empty directories as well.

Date: Tue, 19 Nov 2013 12:15:25 +0000
From: Pádraig Brady
To: Linda Walsh
Cc: 15926@debbugs.gnu.org
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

tag 15926 notabug
close 15926
stop

On 11/19/2013 11:56 AM, Linda Walsh wrote:
> Since there is already an unlink command that corresponds to unlinking a file,
> but there seems to be no command corresponding to the POSIX
> remove command, it seems upgrading 'rm' to use the 'remove'
> POSIX call would be a beneficial move of all the recent POSIX
> changes.
>
> So how about upgrading 'rm' to use the remove function so
> it would work on empty directories as well.

Well we have the -d option to rm to explicitly do that.
That's a fairly fundamental change that would have backwards compat issues.
POSIX is explicit in the handling of directories also:
http://pubs.opengroup.org/onlinepubs/9699919799/utilities/rm.html

thanks,
Pádraig.
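The system-call distinction behind this request, as an added example that is not part of the thread: it applies unlink(2), rmdir(2) and remove(3) to a regular file, an empty directory and a non-empty directory. The function and enum names and the scratch path under $TMPDIR (or /tmp) are assumptions of this example.

```c
/* Added example (not from the thread): what unlink(2), rmdir(2) and
 * remove(3) each do to a file, an empty directory and a non-empty one. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum kind { K_FILE, K_EMPTY_DIR, K_FULL_DIR };
enum call { C_UNLINK, C_RMDIR, C_REMOVE };

/* Create an empty regular file; O_EXCL refuses a pre-existing name. */
static int touch(const char *path)
{
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0600);
    return fd < 0 ? -1 : close(fd);
}

/* Build a fresh object of kind k in a private scratch directory, apply
 * call c to it, and report whether the object is gone afterwards.
 * Returns 1 = removed, 0 = survived, -1 = setup failed.
 * *err receives errno from the call under test (0 on success). */
int removed_by(enum call c, enum kind k, int *err)
{
    const char *tmp = getenv("TMPDIR");
    char base[512], obj[600], child[700];
    struct stat st;
    int rc, gone;

    *err = 0;
    /* Hypothetical scratch location; mkdir() fails with EEXIST rather
     * than reusing or following anything already present at that name. */
    snprintf(base, sizeof base, "%s/rm-demo-%ld",
             tmp ? tmp : "/tmp", (long)getpid());
    snprintf(obj, sizeof obj, "%s/obj", base);
    snprintf(child, sizeof child, "%s/child", obj);
    if (mkdir(base, 0700) != 0)
        return -1;

    rc = (k == K_FILE) ? touch(obj) : mkdir(obj, 0700);
    if (rc == 0 && k == K_FULL_DIR)
        rc = touch(child);
    if (rc != 0) {
        unlink(child); rmdir(obj); unlink(obj); rmdir(base);
        return -1;
    }

    errno = 0;
    switch (c) {
    case C_UNLINK: rc = unlink(obj); break;   /* files only */
    case C_RMDIR:  rc = rmdir(obj);  break;   /* empty directories only */
    default:       rc = remove(obj); break;   /* either of the above */
    }
    if (rc != 0)
        *err = errno;
    gone = stat(obj, &st) != 0;

    /* Remove whatever survived so the scratch directory disappears. */
    unlink(child); rmdir(obj); unlink(obj); rmdir(base);
    return gone;
}

int main(void)
{
    static const char *cn[] = { "unlink(2)", "rmdir(2)", "remove(3)" };
    static const char *kn[] = { "regular file", "empty directory",
                                "non-empty directory" };
    for (int c = 0; c < 3; c++) {
        for (int k = 0; k < 3; k++) {
            int err = 0;
            int r = removed_by((enum call)c, (enum kind)k, &err);
            printf("%-10s on %-20s -> %s%s%s\n", cn[c], kn[k],
                   r == 1 ? "removed" : r == 0 ? "refused" : "setup failed",
                   err ? ": " : "", err ? strerror(err) : "");
        }
    }
    return 0;
}
```

The empty-directory row is the only one where unlink(2) and remove(3) give different results.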

Date: Tue, 19 Nov 2013 10:17:02 -0800
From: Linda Walsh
To: Pádraig Brady
Cc: 15926@debbugs.gnu.org
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 19/11/2013 04:15, Pádraig Brady wrote:
> tag 15926 notabug
> close 15926
> stop
>
> On 11/19/2013 11:56 AM, Linda Walsh wrote:
> > Since there is already an unlink command that corresponds to unlinking a file,
> > but there seems to be no command corresponding to the POSIX
> > remove command, it seems upgrading 'rm' to use the 'remove'
> > POSIX call would be a beneficial move of all the recent POSIX
> > changes.
> >
> > So how about upgrading 'rm' to use the remove function so
> > it would work on empty directories as well.
>
> Well we have the -d option to rm to explicitly do that.
---
Does the posix "remove" call require a -d?

I thought it made more sense to have rm correspond to remove
than create another command called remove that called remove.

Are you saying that you think it would be better to have a remove command
that does this?

As for the posix document you pointed at, I'm suggesting doing step 4
after step 1... same thing posix does, just reordering things a bit.

This came up, BTW, because a useless error message was added to
find such that if you used find dir/. -type d -empty -delete,
it now exits with an error status telling you nothing. other than
it didn't delete the "."
entry from inside the dir (which most people know can't be done anyway).

But now there is no way to determine if the find command failed, or if
it is just making noise over things it never has done.

Alternatively, I suggested adding a -f flag that would occur, positionally
before any path arguments (like the -H/-L/-P opts now), that would
silence such fails and return a 0 status for delete failures that the
OS cannot do.

No useful purpose is served by the new error message, and creating it
breaks compatibility with scripts.

Date: Tue, 19 Nov 2013 11:34:13 -0700
From: Eric Blake
Organization: Red Hat, Inc.
To: Linda Walsh, Pádraig Brady
Cc: 15926@debbugs.gnu.org
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 11/19/2013 11:17 AM, Linda Walsh wrote:

>> Well we have the -d option to rm to explicitly do that.
> ---
> Does the posix "remove" call require a -d?

Huh? There is no POSIX remove(1), only remove(3), unlink(2), rmdir(2),
rm(1), rmdir(1), and unlink(1) (using the traditional notation of which
man page section the interface is described in). GNU's 'rm -d' is an
extension not required by POSIX, but consistent with BSD implementations.

>
> I thought it made more sense to have rm correspond to remove
> than create another command called remove that called remove.

Sorry, but to change that, you'd have to go back in time 30 or 40 years
to when rm(1) was first written.
People have grown to rely on 'rm(1)'
being a wrapper around unlink(2), 'rmdir(1)' being a wrapper around
rmdir(2), and 'rm(1) -R' being a wrapper around rmdir(2) or unlink(2)
as needed.

>
> Are you saying that you think it would be better to have a remove command
> that does this?

No, because remove(3) is just a thin wrapper around unlink(2) or
rmdir(2), and most users are already familiar with how to remove files
according to their type. I see no reason to add a remove(1).

>
> As for the posix document you pointed at, I'm suggesting doing step 4
> after step 1... same thing posix does, just reordering things a bit.

Sorry, but doing things in rm(1) in a different order than POSIX
describes would lead to subtle breakage to lots of existing scripts.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Date: Tue, 19 Nov 2013 11:52:07 -0800
From: Linda Walsh
To: Eric Blake
Cc: 15926@debbugs.gnu.org, Pádraig Brady
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 19/11/2013 10:34, Eric Blake wrote:
> On 11/19/2013 11:17 AM, Linda Walsh wrote:
>
> >> Well we have the -d option to rm to explicitly do that.
> > ---
> > Does the posix "remove" call require a -d?
>
> Huh? There is no POSIX remove(1),
----
Since when do you think of a "call" as being a command?

> Sorry, but to change that, you'd have to go back in time 30 or 40 years
> to when rm(1) was first written. People have grown to rely on 'rm(1)'
> being a wrapper around unlink(2), 'rmdir(1)' being a wrapper around
> rmdir(2), and 'rm(1) -R' being a wrapper around rmdir(2) or unlink(2)
> as needed.
----
People relied on rm removing files in a depth first search order
for 30-40 years.

Posix changed that requiring special checks for ".". Scripts relied
on that behavior for 30-40 years as well... If you want to use that
reasoning, rm should go back to doing depth first deletion and
reporting an error with deleting "." when it is finished.

>
> Sorry, but doing things in rm(1) in a different order than POSIX
> describes would lead to subtle breakage to lots of existing scripts.
----
I claim not.
Come up with 1 case where scripts rely on the current
behavior -- to "die" before doing anything useful, vs. the pre-existing
behavior which was to issue an error (suppressible with "-f") on the
final deletion failing.

I am calling your bluff -- show me the scripts (other than a posix
conformance test script), that would fail -- subtly or otherwise.

I assert they don't exist for 2 reasons. The foremost being
that working scripts cannot rely upon the deletion failure
stopping any useful work being done by the command.

The 2nd being it was a new change in posix that appeared in gnu
utils in only the past few years. The previous 25-35 years of
scripts would have relied on it working as *documented* (depth
first).

Checking pathnames before you start depth first traversal is not
strictly depth first.

By your own standards for not changing something, "rm" should
be fixed to be the way it was for 30-40 years, as.

The problem is, is that by implementing that change, functionality
was lost and removed in "rm". The earlier version had more
functionality. So you can't come up with scripts that rely on
missing functionality to get things done. It's like relying on
missing water to water your plants or missing food to feed yourself.

You can't rely on the absence of a feature to do something positive
with it.

Date: Tue, 19 Nov 2013 13:45:11 -0700
From: Bob Proulx
To: 15926@debbugs.gnu.org
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

Linda Walsh wrote:
> but there seems to be no command corresponding to the POSIX
> remove command,

The language here is confusing. There isn't any "remove command".
There is only the remove(3) library call.

  man 3 remove

> it seems upgrading 'rm' to use the 'remove' POSIX call would be a
> beneficial move of all the recent POSIX changes.

That would introduce a significant behavior change and with certainty
would introduce bugs. Therefore it shouldn't be done.

> Eric Blake wrote:
> > Linda Walsh wrote:
> > > Pádraig Brady wrote:
> > > > Linda Walsh wrote:
> > > > > So how about upgrading 'rm' to use the remove function so
> > > > > it would work on empty directories as well.
> > > >
> > > > Well we have the -d option to rm to explicitly do that.
> > >
> > > Does the posix "remove" call require a -d?

Right at this point there is confusion. The only POSIX remove() is
the libc library call remove(3).

> > Huh? There is no POSIX remove(1),

Yes. Huh?

> Since when do you think of a "call" as being a command?

We don't.
But from what you wrote ("Does the posix "remove" call
require a -d?") makes it appear that you think the posix remove(3)
library call is a command. Because library calls do not take options
like that while commands do.

> > Sorry, but to change that, you'd have to go back in time 30 or 40 years
> > to when rm(1) was first written. People have grown to rely on 'rm(1)'
> > being a wrapper around unlink(2), 'rmdir(1)' being a wrapper around
> > rmdir(2), and 'rm(1) -R' being a wrapper around rmdir(2) or unlink(2)
> > as needed.

Agreed. Let's not break this.

> People relied on rm removing files in a depth first search order
> for 30-40 years.

When using 'rm -rf' they do. But only with the -r option. Never
without it.

The change you have proposed would for the first time in all of those
years have rm remove a directory without the -r option. That would be
bad because it would introduce bugs into scripts that are expecting
the existing behavior of rm not removing directories. (Unless the -r
option is given.)

> Posix changed that requiring special checks for ".". Scripts relied
> on that behavior for 30-40 years as well... If you want to use that
> reasoning, rm should go back to doing depth first deletion and
> reporting an error with deleting "." when it is finished.

I actually agree with you on that point. ;-)
(Regarding 'rm -rf .')

> > Sorry, but doing things in rm(1) in a different order than POSIX
> > describes would lead to subtle breakage to lots of existing scripts.
> ----
> I claim not. Come up with 1 case where scripts rely on the current
> behavior -- to "die" before doing anything useful, vs. the pre-existing
> behavior which was to issue an error (suppressible with "-f") on the
> final deletion failing.

I have seen many various script writing styles. Some of them are
atrocious indeed. I would expect to at some point see someone use rm
on file system objects with abandon thinking that they won't remove
directories.
Suddenly they will be able to remove directories. That
would be a change in behavior. Changing established behavior is bad.

I routinely use the opposite side of things myself. I routinely use
rmdir on empty directories knowing that if the directory is not empty
that it will fail and not remove any actual file content. I could
definitely see someone counting on the behavior that rm removes files
but never removes directories. (Unless the -r option is given.)

> I am calling your bluff -- show me the scripts (other than a posix
> conformance test script), that would fail -- subtly or otherwise.

Anything I show would be contrived. But that doesn't mean that
changing the behavior should be done.

  mkdir a b c
  touch aa bb cc
  for f in *; do rm "$f"; done

With existing behavior the directories would remain. With the new
proposed behavior the directories would be removed. That is a
behavior change that should not be made.

If you want that behavior then the -d option is present and
available. Simply use the -d option.

  mkdir a b c
  touch aa bb cc
  for f in *; do rm -d "$f"; done

That gives you the behavior you are requesting.

> I assert they don't exist for 2 reasons. The foremost being
> that working scripts cannot rely upon the deletion failure
> stopping any useful work being done by the command.

See the above example.

> The 2nd being it was a new change in posix that appeared in gnu
> utils in only the past few years. The previous 25-35 years of
> scripts would have relied on it working as *documented* (depth
> first).

Since you are mentioning depth first I can only think you are talking
about 'rm -r'. How does that tie into remove(3)?

> Checking pathnames before you start depth first traversal is not
> strictly depth first.

Again, what does depth first traversal have to do with remove(3)?

> By your own standards for not changing something, "rm" should
> be fixed to be the way it was for 30-40 years, as.

Huh? Stop here. Please explain. Your words here do not follow.

> The problem is, is that by implementing that change, functionality
> was lost and removed in "rm". The earlier version had more
> functionality. So you can't come up with scripts that rely on
> missing functionality to get things done. It's like relying on
> missing water to water your plants or missing food to feed yourself.

Are you talking about 'rm -rf .'? I agree with you on that one. That
was a bad change to disallow it. It just wasn't as severe as what you
are proposing. Disallowing 'rm -rf .' is a nanny-state type of
behavior. It annoys me. It shouldn't have been done. But changing
unlink(2) to remove(3) is much more severe and really, really
shouldn't be done.

Bob

Date: Tue, 19 Nov 2013 16:02:48 -0800
From: Linda Walsh
To: Bob Proulx
Cc: 15926@debbugs.gnu.org
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 19/11/2013 12:45, Bob Proulx wrote:
>
>> Since when do you think of a "call" as being a command?
>
> We don't. But from what you wrote ("Does the posix "remove" call
> require a -d?") makes it appear that you think the posix remove(3)
> library call is a command. Because library calls do not take options
> like that while commands do.
----
Well, that was a bit of metaphor, insomuch as the POSIX calls
talk about flag passing with a value of AT_REMOVEDIR to do something
different...

-d in a call would likely be passed as an option

>
>>> Sorry, but to change that, you'd have to go back in time 30 or 40 years
>>> to when rm(1) was first written. People have grown to rely on 'rm(1)'
>>> being a wrapper around unlink(2), 'rmdir(1)' being a wrapper around
>>> rmdir(2), and 'rm(1) -R' being a wrapper around rmdir(2) or unlink(2)
>>> as needed.
>
> Agreed. Let's not break this.
----
I'm not seeing what would break. Instead of failing to remove a
non-empty directory, it would remove it (if it was empty and
permissions allowed).

>
>> People relied on rm removing files in a depth first search order
>> for 30-40 years.
>
> When using 'rm -rf' they do. But only with the -r option. Never
> without it.
---
Absolutely... that's what I was referring to, sorry for unclarity.

>
> The change you have proposed would for the first time in all of those
> years have rm remove a directory without the -r option. That would be
> bad because it would introduce bugs into scripts that are expecting
> the existing behavior of rm not removing directories. (Unless the -r
> option is given.)
----
I would ask how it would fail in a script -- I.e. we are only talking
empty directories -- and currently an error would be returned if a script
tried to do that. If the script was catching errors or running with "-e",
the script would terminate under the current implementation.

So no script could ever "work" relying on itself to fail -- it's a
contradiction in terms.

>
>> Posix changed that requiring special checks for ".". Scripts relied
>> on that behavior for 30-40 years as well... If you want to use that
>> reasoning, rm should go back to doing depth first deletion and
>> reporting an error with deleting "." when it is finished.
>
> I actually agree with you on that point. ;-)
> (Regarding 'rm -rf .')
----
Well, that's what much of my interest in this area and the
newly created bug in "find" hinges on.

>
>>> Sorry, but doing things in rm(1) in a different order than POSIX
>>> describes would lead to subtle breakage to lots of existing scripts.
>> ----
>> I claim not. Come up with 1 case where scripts rely on the current
>> behavior -- to "die" before doing anything useful, vs. the pre-existing
>> behavior which was to issue an error (suppressible with "-f") on the
>> final deletion failing.
>
> I have seen many various script writing styles. Some of them are
> atrocious indeed. I would expect to at some point see someone use rm
> on file system objects with abandon thinking that they won't remove
> directories. Suddenly they will be able to remove directories. That
> would be a change in behavior.
> Changing established behavior is bad.
-----
*empty directories*.. lets be clear. I am NOT proposing that "rm"
recursively remove anything without "-r"...

>
> I routinely use the opposite side of things myself. I routinely use
> rmdir on empty directories knowing that if the directory is not empty
> that it will fail and not remove any actual file content. I could
> definitely see someone counting on the behavior that rm removes files
> but never removes directories. (Unless the -r option is given.)
----
I use the fact that rm doesn't remove non-empty directories as well..
I'm not questioning that behavior.

If someone relied on using "rm" to clean out a directory of any "fluff"
or "dander" that had built up... I strongly believe that if "rm" also
removed *empty* directories, it would be more likely to be appreciated
by someone who was using it to get rid of all the spurious file
entries -- as empty directory entries are often just as spurious -- I'm
often cleaning out skeletal trees of directories on my systems...

I've even thought about the usefulness of "rmdir -r" -- which would
recursively remove empty dirs starting at the top (with a limitation
for "-xdev"... (I know about rmdir -p a/b/c).. but empty, wider
skeletons are more common than skinny+tall dir-structures.
(skinny=1 dir wide, many dirs deep).

>
>> I am calling your bluff -- show me the scripts (other than a posix
>> conformance test script), that would fail -- subtly or otherwise.
>
> Anything I show would be contrived. But that doesn't mean that
> changing the behavior should be done.
>
>   mkdir a b c
>   touch aa bb cc
>   for f in *; do rm "$f"; done
>
> With existing behavior the directories would remain. With the new
> proposed behavior the directories would be removed. That is a
> behavior change that should not be made.
----
Why not? if you want 1 command that does both, why not implement
a remove command == but wouldn't it commonly be abbreviated as 'rm'...?

It would be a change.
But it's not something that would cause the
level of problems associated with disabling "rm -fr ." -- and that
crippling change was made w/o a blink of an eyelash. (then Eric gets
a bug up his **, about thinking how "useful" it is to have
"find . -type d -empty -delete" always exit with a failure code.
Just lovely.) ;-/

>
> If you want that behavior then the -d option is present and
> available. Simply use the -d option.
>
>   mkdir a b c
>   touch aa bb cc
>   for f in *; do rm -d "$f"; done
---
I could alias that, I s'pose.. and see if any scripts fail because
of it... ;-)

>
> That gives you the behavior you are requesting.
>
>> I assert they don't exist for 2 reasons. The foremost being
>> that working scripts cannot rely upon the deletion failure
>> stopping any useful work being done by the command.
>
> See the above example.
-----
a demo script isn't a working script, nor is it a script that does any
useful work. I specifically excluded posix compliance scripts -- which
the above would be more likely to be than a "working script"...

>> The 2nd being it was a new change in posix that appeared in gnu
>> utils in only the past few years. The previous 25-35 years of
>> scripts would have relied on it working as *documented* (depth
>> first).
>
> Since you are mentioning depth first I can only think you are talking
> about 'rm -r'. How does that tie into remove(3)?
----
Only insomuch as empty dir removal is less of a feature change than
aborting the entire command.

>
>> By your own standards for not changing something, "rm" should
>> be fixed to be the way it was for 30-40 years, as.
>
> Huh? Stop here. Please explain. Your words here do not follow.
---
Eric said that because rm was the way it was (failing on dir deletes) for 30-40 years, was reasoning not to change it, when the only consequence was ability to delete empty dirs, then undoing the posix damage of removing the entire functionality of being able to have rm create a pristine dir w/1 command (as well as not crossing fs-boundaries). Even using "rm *" in the directory if something in dir is a mount.. you end up deleting things on other file systems (I got the T-shirt; ;~>).

>
>> The problem is, is that by implementing that change, functionality
>> was lost and removed in "rm". The earlier version had more
>> functionality. So you can't come up with scripts that rely on
>> missing functionality to get things done. It's like relying on
>> missing water to water your plants or missing food to feed yourself.
>
> Are you talking about 'rm -rf .'? I agree with you on that one. That
> was a bad change to disallow it. It just wasn't as severe as what you
> are proposing. Disallowing 'rm -rf .' is a nanny-state type of
> behavior. It annoys me. It shouldn't have been done. But changing
> unlink(2) to remove(3) is much more severe and really, really
> shouldn't be done.
----
I see the consequences of "rm -fr ." being worse, as the work-arounds have more mine-fields -- like deleting things on other file systems. As opposed to the unlink->remove change which would delete *empty directories*... I don't see that as nearly as harmful as deleting entire file-systems on mounted dirs...

But to throw salt in the wound, Eric changed find so that it complains if you try to delete "." as in "find . -type d -empty -delete" -- my snapshot script used that as well as "rm -fr ." to clean out directories to be prepared to do "diffs" into. The find-clean empty dirs command is more of a way to save about 1-2% on space, as rsync likes to copy dirs over if the times are different (even when it is told not to copy empty dirs)...
Anyway, that was the latest bug-up-my bonnet that caused me to think about these issues again.. trying to come up with anything useful.. like rm removing empty dirs seemed like it would be a minimal damage thing compared to other damage.

As for rm-fr. = nanny ... yes.. got the impression it was implemented on BSD systems to protect the college kids -- but that wouldn't prevent allowing it with an ENV flag that lists commands to exclude from nanniness... some ENV flag EXPERT_MODE="rm(.),find(delete)" commands as needed"

From debbugs-submit-bounces@debbugs.gnu.org Tue Nov 19 20:29:02 2013
Message-ID: <528C1056.4020009@redhat.com>
Date: Tue, 19 Nov 2013 18:28:54 -0700
From: Eric Blake
Organization: Red Hat, Inc.
To: Linda Walsh, Bob Proulx
Cc: 15926@debbugs.gnu.org
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 11/19/2013 05:02 PM, Linda Walsh wrote:

> I'm not see what would break. instead of failing to remove a non-empty
> directory, it would remove it (if it was empty and permissions allowed).

That's what would break. Scripts have been written to assume that 'rm empty_dir' will fail, and your proposal would change that assumption. Falling through to subsequent commands when you used to bail out early has all sorts of subtle implications, that we aren't willing to risk.

> I would ask how it would fail in a script -- I.e. we are only talking
> empty directories -- and currently an error would be returned if
> a script tried to do that.
> If the script was catching errors or running
> with "-e", the script would terminate under the current implementation.

'set -e' is useless. I highly recommend that script writers avoid it.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org

From debbugs-submit-bounces@debbugs.gnu.org Tue Nov 19 21:19:35 2013
Message-ID: <528C1C2F.1060301@redhat.com>
Date: Tue, 19 Nov 2013 19:19:27 -0700
From: Eric Blake
Organization: Red Hat, Inc.
To: Bob Proulx, 15926@debbugs.gnu.org
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 11/19/2013 01:45 PM, Bob Proulx wrote:

>> Posix changed that requiring special checks for ".". Scripts relied
>> on that behavior for 30-40 years as well... If you want to use that
>> reasoning, rm should go back to doing depth first deletion and
>> reporting an error with deleting "." when it is finished.
>

I see nothing in http://pubs.opengroup.org/onlinepubs/9699919799/utilities/rm.html that requires up-front special handling of trailing '.', only a callout to what rmdir() is required to do. Ultimately, rmdir("dir/.") is required to fail, but nothing in POSIX appears to allow us to short-circuit the recursive cleanup before attempting the failing command.
> I actually agree with you on that point. ;-)
> (Regarding 'rm -rf .')

Yes, the 'rm -rf .' case appears to be a regression in coreutils that is contrary to the behavior required by POSIX. That is:

$ mkdir /tmp/foo /tmp/foo/sub
$ cd /tmp/foo
$ rm -r .
rm: cannot remove directory: ‘.’
$ ls
sub

appears to be a bug in current coreutils, because it should have successfully called rmdir("sub") prior to failing on the attempt to rmdir(".").

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org

From debbugs-submit-bounces@debbugs.gnu.org Wed Nov 20 01:46:11 2013
Message-ID: <528C5AA3.2050902@bernhard-voelker.de>
Date: Wed, 20 Nov 2013 07:45:55 +0100
From: Bernhard Voelker
To: Eric Blake
Cc: 15926@debbugs.gnu.org, Bob Proulx
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 11/20/2013 03:19 AM, Eric Blake wrote:
> Yes, the 'rm -rf .' case appears to be a regression in coreutils that is
> contrary to the behavior required by POSIX. That is:
>
> $ mkdir /tmp/foo /tmp/foo/sub
> $ cd /tmp/foo
> $ rm -r .
> rm: cannot remove directory: ‘.’
> $ ls
> sub
>
> appears to be a bug in current coreutils, because it should have
> successfully called rmdir("sub") prior to failing on the attempt to
> rmdir(".").
I disagree: see at the top of:

http://pubs.opengroup.org/onlinepubs/9699919799/utilities/rm.html

  If either of the files dot or dot-dot are specified as the basename
  portion of an operand (that is, the final pathname component) or if
  an operand resolves to the root directory, rm shall write a diagnostic
  message to standard error and do nothing more with such operands.

Maybe "cannot remove directory" is a bit weak - it's more like "refusing to remove dot|dot-dot|root directory".

Have a nice day,
Berny

From debbugs-submit-bounces@debbugs.gnu.org Wed Nov 20 08:44:13 2013
Message-ID: <528CBCA1.70409@redhat.com>
Date: Wed, 20 Nov 2013 06:44:01 -0700
From: Eric Blake
Organization: Red Hat, Inc.
To: Bernhard Voelker
Cc: 15926@debbugs.gnu.org, Bob Proulx
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 11/19/2013 11:45 PM, Bernhard Voelker wrote:
> On 11/20/2013 03:19 AM, Eric Blake wrote:
>> Yes, the 'rm -rf .' case appears to be a regression in coreutils that is
>> contrary to the behavior required by POSIX. That is:
>>
>> $ mkdir /tmp/foo /tmp/foo/sub
>> $ cd /tmp/foo
>> $ rm -r .
>> rm: cannot remove directory: ‘.’
>> $ ls
>> sub
>>
>> appears to be a bug in current coreutils, because it should have
>> successfully called rmdir("sub") prior to failing on the attempt to
>> rmdir(".").
>
> I disagree: see at the top of:
>
> http://pubs.opengroup.org/onlinepubs/9699919799/utilities/rm.html
>
> If either of the files dot or dot-dot are specified as the basename
> portion of an operand (that is, the final pathname component) or if
> an operand resolves to the root directory, rm shall write a diagnostic
> message to standard error and do nothing more with such operands.

Ah, that's where it is. I was looking in the numbered steps, not the paragraph before the numbered steps. So it appears that coreutils is compliant after all.

>
> Maybe "cannot remove directory" is a bit weak - it's more like
> "refusing to remove dot|dot-dot|root directory".

Indeed, a clearer error message would be possible.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org

From debbugs-submit-bounces@debbugs.gnu.org Wed Nov 20 19:03:30 2013
Message-ID: <528D4DC3.9060806@bernhard-voelker.de>
Date: Thu, 21 Nov 2013 01:03:15 +0100
From: Bernhard Voelker
To: Eric Blake
Cc: 15926@debbugs.gnu.org, Bob Proulx
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 11/20/2013 02:44 PM, Eric Blake wrote:
> On 11/19/2013 11:45 PM, Bernhard Voelker wrote:
>> Maybe "cannot remove directory" is a bit weak - it's more like
>> "refusing to remove dot|dot-dot|root directory".
>
> Indeed, a clearer error message would be possible.

What about the following?

  $ src/rm -r src/.
  src/rm: refusing to remove '.' or '..' directory: skipping 'src/.'

I didn't want to explicitly mention POSIX here ... it's just to clarify that rm(1) does not swallow errors from the kernel like EPERM, etc.
The texinfo file is enhanced in the patch below, too. Have a nice day, Berny >From f85ec85852ea62e4fe4510044ffb4b31880a6b7c Mon Sep 17 00:00:00 2001 From: Bernhard Voelker Date: Thu, 21 Nov 2013 00:47:36 +0100 Subject: [PATCH] doc: enhance diagnostic when rm skips "." or ".." arguments The error diagnostic "rm: cannot remove directory: '.'" does not give the user a hint for the reason. Issue a clearer error message. * src/remove.c (rm_fts): Enhance the error diagnostic in the above case to emphasize that skipping is done deliberately. In the corresponding comment, mention that POSIX mandates this behavior. Likewise in the subsequent comment for skipping "/". * doc/coreutils.texi (rm invocation): In the paragraph describing the above behavior, mention that POSIX mandates it. --- doc/coreutils.texi | 3 ++- src/remove.c | 12 ++++++++---- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/doc/coreutils.texi b/doc/coreutils.texi index 035f2e6..64713dc 100644 --- a/doc/coreutils.texi +++ b/doc/coreutils.texi @@ -9281,7 +9281,8 @@ the @option{-f} or @option{--force} option is not given, or the If the response is not affirmative, the file is skipped. Any attempt to remove a file whose last file name component is -@file{.} or @file{..} is rejected without any prompting. +@file{.} or @file{..} is rejected without any prompting, as mandated +by POSIX. @emph{Warning}: If you use @command{rm} to remove a file, it is usually possible to recover the contents of that file. If you want more assurance diff --git a/src/remove.c b/src/remove.c index cdbbec5..3d386cf 100644 --- a/src/remove.c +++ b/src/remove.c 
@@ -437,17 +437,21 @@ rm_fts (FTS *fts, FTSENT *ent, struct rm_options const *x) /* Perform checks that can apply only for command-line arguments. */ if (ent->fts_level == FTS_ROOTLEVEL) { - /* If the basename of a command line argument is "." or "..", + /* POSIX says: + If the basename of a command line argument is "." or "..", diagnose it and do nothing more with that argument. */ if (dot_or_dotdot (last_component (ent->fts_accpath))) { - error (0, 0, _("cannot remove directory: %s"), - quote (ent->fts_path)); + error (0, 0, + _("refusing to remove %s or %s directory: skipping %s"), + quote_n (0, "."), quote_n (1, ".."), + quote_n (2, ent->fts_path)); fts_skip_tree (fts, ent); return RM_ERROR; } - /* If a command line argument resolves to "/" (and --preserve-root + /* POSIX also says: + If a command line argument resolves to "/" (and --preserve-root is in effect -- default) diagnose and skip it. */ if (ROOT_DEV_INO_CHECK (x->root_dev_ino, ent->fts_statp)) { -- 1.8.3.1

From debbugs-submit-bounces@debbugs.gnu.org Wed Nov 20 19:48:29 2013
Message-ID: <528D5853.3070707@tlinx.org>
Date: Wed, 20 Nov 2013 16:48:19 -0800
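
Review bot: in the src/remove.c hunk, the second rewritten comment opens with "POSIX also says:" but keeps the parenthetical "(and --preserve-root is in effect -- default)"; --preserve-root is a GNU option, and the POSIX text quoted earlier in this thread only says "if an operand resolves to the root directory", so the comment now reads as if POSIX described the option. Suggest stating the POSIX requirement first and the GNU condition second, for example: POSIX also says to diagnose and skip an operand that resolves to "/"; GNU rm does so while --preserve-root (the default) is in effect. Separately, the subject line is prefixed "doc:" although this hunk changes the translatable string passed to error (), which is user-visible output; an "rm:" prefix would describe it better, and since the diffstat lists only doc/coreutils.texi and src/remove.c, any test or translation that expects the old "cannot remove directory: %s" text needs checking.
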
From: Linda Walsh
To: Bernhard Voelker
Cc: 15926@debbugs.gnu.org, Eric Blake, Bob Proulx
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 20/11/2013 16:03, Bernhard Voelker wrote:
> $ src/rm -r src/.
> src/rm: refusing to remove '.' or '..' directory: skipping 'src/.'

That gets back to what Bob mentioned about it being a nanny-restriction.

The inevitable comment to be asked by someone is "Refuse? Isn't it my computer? How do I override such a refusal? I seem to remember reading that the "-f" flag was specifically added to override such a refusal w/no further comment."

Answer: well, yeah it was, but they caught MS-itus, and wanted to put in "are you really sure? (y/[n])", but weren't allowed to ask more questions, so it just wins because it's not your system anymore.

**- Is it true that you can override this with -supercalifragilisticexpialidocious flag? 1/2:-)

I still think an ENV flag that lists the command and behavior to override would be a specific enough, yet generally enough solution to safely make a case for allowing it.

I.e. _EXPERT_="rm(.)
command(feature1 feature2) find(.error)"

From debbugs-submit-bounces@debbugs.gnu.org Wed Nov 20 21:07:23 2013
Message-ID: <528D6ACE.9000604@redhat.com>
Date: Wed, 20 Nov 2013 19:07:10 -0700
From: Eric Blake
Organization: Red Hat, Inc.
To: Bernhard Voelker
Cc: 15926@debbugs.gnu.org, Bob Proulx
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 11/20/2013 05:03 PM, Bernhard Voelker wrote:
> On 11/20/2013 02:44 PM, Eric Blake wrote:
>> On 11/19/2013 11:45 PM, Bernhard Voelker wrote:
>>> Maybe "cannot remove directory" is a bit weak - it's more like
>>> "refusing to remove dot|dot-dot|root directory".
>>
>> Indeed, a clearer error message would be possible.
>
> What about the following?
>
> $ src/rm -r src/.
> src/rm: refusing to remove '.' or '..' directory: skipping 'src/.'

That helps.
But I'm also starting to think we should add a new long option --no-preserve-dot, similar to how --no-preserve-root can be used to work around the restriction. Then people that want to can create an alias or other wrapper around rm to get the non-nanny behavior, while the default behavior still complies with POSIX.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org

From debbugs-submit-bounces@debbugs.gnu.org Wed Nov 20 21:08:29 2013
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 20 Nov 2013 21:08:22 -0500 Received: from [10.3.113.132] (ovpn-113-132.phx2.redhat.com [10.3.113.132]) by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id rAL28LAL020224; Wed, 20 Nov 2013 21:08:22 -0500 Message-ID: <528D6B15.8090806@redhat.com> Date: Wed, 20 Nov 2013 19:08:21 -0700 
From: Eric Blake
To: Linda Walsh, Bernhard Voelker
Cc: 15926@debbugs.gnu.org, Bob Proulx
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 11/20/2013 05:48 PM, Linda Walsh wrote:
> I still think an ENV flag that lists the command

Environment variables that modify behavior are nasty, and should
generally be avoided when simpler solutions exist. In this case, I'd
much rather add a long option, 'rm --no-preserve-dot', and let you write
an alias or other wrapper when you want the non-default behavior.

--
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Date: Wed, 20 Nov 2013 19:16:33 -0700
From: Eric Blake
To: Linda Walsh, 15943@debbugs.gnu.org, GNU bug tracker automated control server
Subject: Re: bug#15943: [PATCH] doc: enhance diagnostic when rm skips "." or ".." arguments

forcemerge 15943 15926
thanks

On 11/20/2013 05:54 PM, Linda Walsh wrote:
> On 20/11/2013 15:47, Bernhard Voelker wrote:
>>
>> - /* If a command line argument resolves to "/" (and >> --preserve-root >> + /* POSIX also says: >> + If a command line argument resolves to "/" (and

No need to spawn a new bug when the existing bug tracking the issue is
still under discussion. And on the surface, this email has nothing to
do with the subject line of "enhance diagnostic when rm skips "." or
".." arguments".

>
> Maybe since '/' doesn't really delete the file system itself,
> but only files and dirs underneath '/',

Huh? When POSIX-compliant (that is, when --preserve-root is in effect),
attempting to 'rm -r /' does nothing at all. When bypassing POSIX (with
'rm -r --no-preserve-root'), rm will delete as much as possible, and
eventually fail once it has deleted system resources that were essential
to the correct operation of the computer; but if you can get far enough,
it would eventually attempt rm("/").

>
> Then the correct solution is if a user says
> to remove /tmp/
> it will remove everything under /tmp but not /tmp itself?
>
> That doesn't seem to be disallowed by POSIX...

Not true. POSIX requires 'rm -r /tmp/' to attempt to delete /tmp, but
that it might fail to do so if nested files are not deleted (perhaps due
to ownership) or if the user doesn't have rights to delete /tmp.

> (it's a bit absurd, but as long as it conforms to POSIX
> it should be fine, right? ;-/)

Your idea of skipping the attempt to delete /tmp would not conform with
POSIX.

--
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Date: Thu, 21 Nov 2013 07:32:23 +0100
From: Bernhard Voelker
To: Linda Walsh
Cc: 15926@debbugs.gnu.org, Eric Blake, Bob Proulx
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 11/21/2013 01:48 AM, Linda Walsh wrote:
> Isn't it my computer? How do I override such a refusal?

That riddle isn't too hard, is it? ;-)
POSIX (and common sense) forbids to remove something ending on ".".
Therefore just use the canonicalized name, e.g.:

  $ mkdir /tmp/xx
  $ cd /tmp/xx
  $ rm -rv .
  rm: refusing to remove ‘.’ or ‘..’ directory: skipping ‘.’
  $ rm -rv "$(pwd -P)"
  removed directory: ‘/tmp/xx’

or alternatively (just the rm invocation):

  $ rm -rv "$(readlink -f .)"
  removed directory: ‘/tmp/xx’

As you were mentioning MS: the above obviously won't probably work
in Cygwin as the underlying (file) system may return EBUSY.

Have a nice day,
Berny

Date: Thu, 21 Nov 2013 08:12:45 +0100
From: Bernhard Voelker
To: Eric Blake
Cc: 15926@debbugs.gnu.org, Bob Proulx
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 11/21/2013 03:07 AM, Eric Blake wrote:
> On 11/20/2013 05:03 PM, Bernhard Voelker wrote:
>> What about the following?
>>
>> $ src/rm -r src/.
>> src/rm: refusing to remove '.' or '..' directory: skipping 'src/.'
>
> That helps.

Thanks, I'll push it unless someone comes up with a better wording.

> But I'm also starting to think we should add a new long
> option --no-preserve-dot, similar to how --no-preserve-root can be used
> to work around the restriction. Then people that want to can create an
> alias or other wrapper around rm to get the non-nanny behavior, while
> the default behavior still complies with POSIX.

Admittedly, compared to the academic question behind "--no-preserve-root"
(which is like "what happens to me when the globe under my feet disappears?"),
there may be more real-world reasons to remove ".".

However, as it's possible to pass the canonicalized file name of "."
or ".." to rm(1), I'm not yet convinced that it warrants adding a
new --no-preserve-dot-or-dotdot (and for symmetry reasons a new
--preserve-dot-or-dotdot) option.

Have a nice day,
Berny

Date: Thu, 21 Nov 2013 08:54:33 +0000
From: Pádraig Brady
To: Bernhard Voelker
Cc: 15926@debbugs.gnu.org
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 11/21/2013 12:03 AM, Bernhard Voelker wrote:
> if (dot_or_dotdot (last_component (ent->fts_accpath))) > { > - error (0, 0, _("cannot remove directory: %s"), > - quote (ent->fts_path)); > + error (0, 0, > + _("refusing to remove %s or %s directory: skipping %s"), > + quote_n (0, "."), quote_n (1, ".."), > + quote_n (2, ent->fts_path));

That's a good clarification. Please push.

thanks!
Pádraig.
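Review bot: in the added `_("refusing to remove %s or %s directory: skipping %s")` string, the first two placeholders are always the constants "." and "..", which a translator cannot tell from the msgid alone; a translator comment above the `error` call saying that the three placeholders are '.', '..' and the skipped operand would help. The old msgid `cannot remove directory: %s` disappears with the `-` lines, so any test expectation or documentation that matches that text needs the same update, and none is part of the hunk quoted here.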
Date: Thu, 21 Nov 2013 08:55:52 +0000
From: Pádraig Brady
To: Bernhard Voelker
Cc: 15926@debbugs.gnu.org, Eric Blake
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 11/21/2013 07:12 AM, Bernhard Voelker wrote:
> On 11/21/2013 03:07 AM, Eric Blake wrote:
>> On 11/20/2013 05:03 PM, Bernhard Voelker wrote:
>>> What about the following?
>>>
>>> $ src/rm -r src/.
>>> src/rm: refusing to remove '.' or '..' directory: skipping 'src/.'
>>
>> That helps.
>
> Thanks, I'll push it unless someone comes up with a better wording.
>
>> But I'm also starting to think we should add a new long
>> option --no-preserve-dot, similar to how --no-preserve-root can be used
>> to work around the restriction. Then people that want to can create an
>> alias or other wrapper around rm to get the non-nanny behavior, while
>> the default behavior still complies with POSIX.
>
> Admittedly, compared to the academic question behind "--no-preserve-root"
> (which is like "what happens to me when the globe under my feet disappears?"),
> there may be more real-world reasons to remove ".".
>
> However, as it's possible to pass the canonicalized file name of "."
> or ".." to rm(1), I'm not yet convinced that it warrants adding a
> new --no-preserve-dot-or-dotdot (and for symmetry reasons a new
> --preserve-dot-or-dotdot) option.

I would say this does not need an option for the reason you describe.

thanks,
Pádraig.

Date: Thu, 21 Nov 2013 02:43:56 -0800
From: Linda Walsh
To: Bernhard Voelker
Cc: 15926@debbugs.gnu.org, Eric Blake, Bob Proulx
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 20/11/2013 22:32, Bernhard Voelker wrote:
> On 11/21/2013 01:48 AM, Linda Walsh wrote:
>> Isn't it my computer? How do I override such a refusal?
> $ rm -rv "$(pwd -P)"
> removed directory: ‘/tmp/xx’
--
That doesn't give the same behavior and isn't what I want.

Compare to "cp".

Say I want to create a copy of what is in dir "a" inside of a
pre-existing dir "b".

In dir "a" are files and sub dirs. On some of those subdirs,
other file systems *may* be mounted -- EITHER in the dir immediately
under "a", OR lower:

I would use "cp -alx a/. b/."

Sometime later, I want to remove the contents of 'b' w/o disturbing
'b'. 'b' may have file systems mounted under it or not. Again,
I would use the "dot" notation. "rm -fxr b/."

"rm -fxr /b", as you suggest isn't the same thing.

Directories are containers. I want to work just with the contents -- not
the directory itself.

So how do I override the refusal -- and get the same results?

Date: Thu, 21 Nov 2013 12:01:25 +0100
From: Bernhard Voelker
To: Pádraig Brady
Cc: 15926@debbugs.gnu.org
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 11/21/2013 09:54 AM, Pádraig Brady wrote:
> On 11/21/2013 12:03 AM, Bernhard Voelker wrote:
>> if (dot_or_dotdot (last_component (ent->fts_accpath))) >> { >> - error (0, 0, _("cannot remove directory: %s"), >> - quote (ent->fts_path)); >> + error (0, 0, >> + _("refusing to remove %s or %s directory: skipping %s"), >> + quote_n (0, "."), quote_n (1, ".."), >> + quote_n (2, ent->fts_path));
>
> That's a good clarification. Please push.

Thanks, pushed:

http://git.sv.gnu.org/cgit/coreutils.git/commit/?id=2da7009d

Have a nice day,
Berny

Date: Thu, 21 Nov 2013 06:39:15 -0700
From: Eric Blake
To: Bernhard Voelker
Cc: 15926@debbugs.gnu.org, Bob Proulx
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 11/21/2013 12:12 AM, Bernhard Voelker wrote:
>
> Admittedly, compared to the academic question behind "--no-preserve-root"
> (which is like "what happens to me when the globe under my feet disappears?"),
> there may be more real-world reasons to remove ".".

But that's not what Linda is asking for. She is not asking to pull "."
out of under her feet. Instead, she wants a command that will
recursively remove the children of ".", but then leave "." itself
unremoved (whether by virtue of the fact that rmdir(".") must fail and
so the overall rm command fails, or by explicitly skipping the attempt
to rmdir(".") and letting rm succeed). Right now, the nanny rule of
POSIX is preventing the recursion, so you have to use contortions such
as the POSIX 'find . -depth ! -name . -exec rm {} +'. So I think it IS
useful to add an option that forces 'rm -r' to bypass the nanny rule and
recurse on ".".

Maybe naming it --no-preserve-dot is wrong. Maybe a better name is 'rm
-r --children-only .'. At which point, I would much rather see us skip
the rmdir(".") in order to allow rm to succeed. And it would also work
even for non-dot situations: 'rm -r --children-only dir'. In other
words, I _do_ see what Linda is asking for, and think it is worth providing.

--
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
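The behaviour Eric describes above (remove the children of a directory, leave the directory itself) can be had today with POSIX find and rm. The following is an added example, not part of the thread and not coreutils code: the name rm_children is hypothetical, and skipping symlink and non-directory operands is a choice made for this example.

```shell
#!/bin/sh
# rm_children DIR...: delete everything inside each DIR but keep DIR itself.
# Hypothetical helper written for this example; not a coreutils feature.
# It does not stop at mount points; where GNU rm is available, its
# --one-file-system option can be added to the rm call below.

rm_children() {
    rc=0
    for dir in "$@"; do
        # Keep names such as "-odd" from being parsed as find options.
        case $dir in
            /*) ;;
            *) dir=./$dir ;;
        esac
        # Only real directories qualify. A symlink operand (named without a
        # trailing slash) is skipped, so the caller never empties a
        # directory it did not name directly.
        if [ -L "$dir" ] || [ ! -d "$dir" ]; then
            printf 'rm_children: skipping non-directory: %s\n' "$dir" >&2
            rc=1
            continue
        fi
        # Starting at "$dir/." gives the start point the name ".", so
        # "! -name ." excludes exactly the directory itself. -prune stops
        # find from descending; rm -rf then handles each top-level child,
        # dotfiles included, with no shell globbing involved.
        find "$dir/." ! -name . -prune -exec rm -rf -- {} + || rc=1
    done
    return "$rc"
}

# Constructed demo tree, created and removed inside a temporary directory.
demo_rm_children() {
    demo=$(mktemp -d) || return 1
    mkdir -p "$demo/dir/sub"
    touch "$demo/dir/file" "$demo/dir/.hidden" "$demo/dir/sub/another"
    rm_children "$demo/dir"
    left=$(ls -A "$demo/dir" | wc -l)
    if [ -d "$demo/dir" ]; then kept=yes; else kept=no; fi
    rm -rf "$demo"
    printf 'directory kept: %s, entries left: %s\n' "$kept" "$((left))"
}
demo_rm_children
```

When one operand is nested inside another, the result depends on operand order: the inner directory is emptied and kept by its own pass, then removed as a child of the outer one.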
Date: Thu, 21 Nov 2013 15:42:54 +0100
From: Bernhard Voelker
To: Eric Blake
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
In-Reply-To: <528E0D03.5000603@redhat.com>
Cc: 15926@debbugs.gnu.org, Bob Proulx

On 11/21/2013 02:39 PM, Eric Blake wrote:
> [...] Instead, she wants a command that will
> recursively remove the children of ".", but then leave "." itself
> unremoved (whether by virtue of the fact that rmdir(".") must fail and
> so the overall rm command fails, or by explicitly skipping the attempt
> to rmdir(".") and letting rm succeed). Right now, the nanny rule of
> POSIX is preventing the recursion, so you have to use contortions such
> as the POSIX 'find . -depth ! -name . -exec rm {} +'. So I think it IS
> useful to add an option that forces 'rm -r' to bypass the nanny rule and
> recurse on ".".

I realized the difference when reading her latest message.
(It's often hard to follow her; sorry Linda.)

> Maybe naming it --no-preserve-dot is wrong. Maybe a better name is 'rm
> -r --children-only .'. At which point, I would much rather see us skip
> the rmdir(".") in order to allow rm to succeed. And it would also work
> even for non-dot situations: 'rm -r --children-only dir'. In other
> words, I _do_ see what Linda is asking for, and think it is worth providing.

Okay, I see the point: so now we're talking about the following
(with "." to be allowed instead of 'dir'):

  $ mkdir dir dir/sub
  $ touch dir/file dir/sub/another
  $ rm -rv --children-only dir
  removed 'dir/file'
  removed 'dir/sub/another'
  removed directory: 'dir/sub'
  retaining directory argument due to --children-only: 'dir'
  $ ls -d dir
  dir

I'm not happy with the semantic as the difference to all other existing
uses of rm(1) would be that the argument is explicitly not removed,
but well, ...

Such --children-only would require some extra checking on arguments,
because only arguments of type directory are allowed.
And there'd be some strange corner cases to decide about, e.g. consider
  rm -r --children dir/sub dir
Should "dir/sub" be removed/retained in this case? ...
Anyhow, handling such cases would add considerable bloat to the code.

Does anyone know of such an option in other rm(1) implementations?

Have a nice day,
Berny

From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 21 10:12:04 2013
Message-ID: <528E216E.5040809@redhat.com>
Date: Thu, 21 Nov 2013 08:06:22 -0700
From: Eric Blake
Organization: Red Hat, Inc.
To: Bernhard Voelker
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
In-Reply-To: <528E1BEE.6060102@bernhard-voelker.de>
Cc: 15926@debbugs.gnu.org, Bob Proulx

On 11/21/2013 07:42 AM, Bernhard Voelker wrote:

> I'm not happy with the semantic as the difference to all other existing
> uses of rm(1) would be that the argument is explicitly not removed,
> but well, ...

Such is life - and that's why it requires a new long option.

>
> Such --children-only would require some extra checking on arguments,
> because only arguments of type directory are allowed.

That's one idea. Another idea is to make the option handle directories
specially but have no change for regular files (similar to how 'rm -d'
handles directories specially but has no change for regular files).

> And there'd be some strange corner cases to decide about, e.g. consider
> rm -r --children dir/sub dir
> Should "dir/sub" be removed/retained in this case? ...

Removed; as always, rm processes command line arguments in order, so
even though dir/sub is left alone after the first argument is processed,
the second argument removes dir/sub without any care in the world what
processing the first argument did.

> Anyhow, handling such cases would add considerable bloat to the code.

Hard to say that it is considerable bloat without seeing a patch; we
already know when the top-level arguments are directories thanks to
'rm -d'.

>
> Does anyone know of such an option in other rm(1) implementations?

Not in rm(1) per se, but I _do_ know that the paradigm is common in
other hierarchical based systems. For example, in libvirt, you can
maintain a tree-based view of snapshots, and for removing a branch of
that tree, libvirt exposes the option to either remove a snapshot and
all its children, or to just remove the children but leave the snapshot
intact.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org

From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 21 10:43:30 2013
In-Reply-To: <528E0D03.5000603@redhat.com>
From: Jim Meyering
Date: Thu, 21 Nov 2013 07:42:58 -0800
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
To: Eric Blake
Cc: 15926@debbugs.gnu.org, Bernhard Voelker, Bob Proulx

On Thu, Nov 21, 2013 at 5:39 AM, Eric Blake wrote:
> On 11/21/2013 12:12 AM, Bernhard Voelker wrote:
...
> But that's not what Linda is asking for. She is not asking to pull "."
> out of under her feet. Instead, she wants a command that will
> recursively remove the children of ".", but then leave "." itself
> unremoved (whether by virtue of the fact that rmdir(".") must fail and
> so the overall rm command fails, or by explicitly skipping the attempt
> to rmdir(".") and letting rm succeed). Right now, the nanny rule of
> POSIX is preventing the recursion, so you have to use contortions such
> as the POSIX 'find . -depth ! -name . -exec rm {} +'. So I think it IS
> useful to add an option that forces 'rm -r' to bypass the nanny rule and
> recurse on ".".
>
> Maybe naming it --no-preserve-dot is wrong. Maybe a better name is 'rm
> -r --children-only .'. At which point, I would much rather see us skip
> the rmdir(".") in order to allow rm to succeed. And it would also work
> even for non-dot situations: 'rm -r --children-only dir'. In other
> words, I _do_ see what Linda is asking for, and think it is worth providing.

Thanks for clarifying, Eric.
I am open to the idea.

Amusingly, when I first read your suggestion for --children-only,
I thought, "That's backwards, shouldn't it be '--adults-only' to go
with the no-nanny semantics?" Of course, "children" refers to tree
parent/child relationship, so would make sense in the manual, where
there's no talk of removing this nanny-like safeguard. But then I
wondered about non-directory arguments, and how the implied
semantics of --children-only applies (or not) to them.

I don't particularly like the idea of adding the long-named
--(no-)?preserve-dot-or-dot-dot, because that would render ambiguous
any existing use of --(no-)?preserve- and all shorter abbreviations of
--(no-)?preserve-root.

From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 21 11:11:35 2013
In-Reply-To: <528D4DC3.9060806@bernhard-voelker.de>
From: Jim Meyering
Date: Thu, 21 Nov 2013 08:11:02 -0800
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
To: Bernhard Voelker
Cc: 15926 <15926@debbugs.gnu.org>, Eric Blake, Bob Proulx

On Wed, Nov 20, 2013 at 4:03 PM, Bernhard Voelker wrote:
> On 11/20/2013 02:44 PM, Eric Blake wrote:
>> On 11/19/2013 11:45 PM, Bernhard Voelker wrote:
>>> Maybe "cannot remove directory" is a bit weak - it's more like
>>> "refusing to remove dot|dot-dot|root directory".
>>
>> Indeed, a clearer error message would be possible.
>
> What about the following?
>
> $ src/rm -r src/.
> src/rm: refusing to remove '.' or '..' directory: skipping 'src/.'
>
> I didn't want to explicitly mention POSIX here ... it's just to clarify
> that rm(1) does not swallow errors from the kernel like EPERM, etc.
>
> The texinfo file is enhanced in the patch below, too.
...
> ---
> doc/coreutils.texi | 3 ++-
> src/remove.c | 12 ++++++++----

Thanks for doing that.
I was a little surprised to see an rm diagnostic change, but no
corresponding change in any test. Perhaps an opportunity for
increased test coverage?
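The behaviour this part of the thread turns on, as an added example that is not from any message or from the coreutils test suite: a POSIX sh check that 'rm -r dir/.' is refused with the contents left in place, beside a helper that empties a directory while retaining it, which is the effect discussed for --children-only. The function names, the refusal of a symlinked argument and the temporary tree are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread or from coreutils). All paths are
# constructed under a fresh temporary directory.

# rm_dot_is_refused DIR
# Succeeds when 'rm -r DIR/.' fails AND DIR still has its children,
# i.e. the "." argument was diagnosed and skipped, not partly processed.
rm_dot_is_refused() {
    if rm -r -- "$1/." 2>/dev/null; then
        return 1                      # rm reported success: rule not enforced
    fi
    [ -n "$(ls -A -- "$1")" ]         # the children must still be there
}

# empty_dir DIR   (hypothetical helper name)
# Removes every child of DIR, dotfiles included, and retains DIR itself.
empty_dir() {
    dir=$1
    # Design choice of this example: refuse anything that is not a real
    # directory, including a symlink that points at one.
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "empty_dir: not a real directory: $dir" >&2
        return 2
    fi
    (
        # CDPATH= keeps a relative DIR from being resolved elsewhere.
        CDPATH= cd -- "$dir" || exit 1
        # "." fails '! -name .', so find descends into it. Each direct
        # child matches, is pruned (find does not descend) and is handed
        # to rm. rm -rf unlinks a symlink child and leaves its target.
        find . ! -name . -prune -exec rm -rf -- {} +
    )
}

# demo: build a constructed tree and run both checks; returns 0 on success.
demo() {
    top=$(mktemp -d) || return 1
    mkdir -p "$top/dir/sub" "$top/outside"
    touch "$top/dir/file" "$top/dir/.hidden" "$top/dir/sub/another" \
          "$top/outside/keep"
    ln -s "$top/outside" "$top/dir/link"

    rc=0
    rm_dot_is_refused "$top/dir" || rc=1      # 'rm -r dir/.' must be refused
    empty_dir "$top/dir" || rc=1
    [ -d "$top/dir" ] || rc=1                 # the argument itself survives
    [ -z "$(ls -A -- "$top/dir")" ] || rc=1   # no child left, dotfiles too
    [ -f "$top/outside/keep" ] || rc=1        # symlink target untouched
    rm -rf -- "$top"
    return "$rc"
}

demo && echo "all checks passed"
```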
From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 21 11:18:55 2013
Message-ID: <528E325B.1090109@bernhard-voelker.de>
Date: Thu, 21 Nov 2013 17:18:35 +0100
From: Bernhard Voelker
To: Eric Blake
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
In-Reply-To: <528E216E.5040809@redhat.com>
Cc: 15926@debbugs.gnu.org, Bob Proulx

On 11/21/2013 04:06 PM, Eric Blake wrote:
> Hard to say that it is considerable bloat without seeing a patch; we
> already know when the top-level arguments are directories thanks to 'rm -d'.

Here's a draft - not tested more than this:

  $ mkdir -p /tmp/dir /tmp/dir/sub
  $ touch /tmp/dir/file /tmp/dir/sub/other
  $ src/rm -rv --child /tmp/dir
  removed ‘/tmp/dir/file’
  removed ‘/tmp/dir/sub/other’
  removed directory: ‘/tmp/dir/sub’
  src/rm: skipping ‘/tmp/dir’, due to --children-only
  $ src/rm -rv --child /tmp/dir
  src/rm: skipping ‘/tmp/dir’, due to --children-only
  $ src/rm -rv --child /tmp/dir/.
  src/rm: skipping ‘/tmp/dir/.’, due to --children-only

Have a nice day,
Berny

From 03d58cc281c6155d50be9b770bbac7bf73cdaf92 Mon Sep 17 00:00:00 2001 From: Bernhard Voelker Date: Thu, 21 Nov 2013 17:11:27 +0100 Subject: [PATCH] rm: add --children-only option FIXME --- src/mv.c | 1 + src/remove.c | 29 ++++++++++++++++++++++++----- src/remove.h | 4 ++++ src/rm.c | 9 +++++++++ 4 files changed, 38 insertions(+), 5 deletions(-) diff --git a/src/mv.c b/src/mv.c index 1cfcd82..36e70a4 100644 --- a/src/mv.c +++ b/src/mv.c @@ -74,6 +74,7 @@ rm_option_init (struct rm_options *x) { x->ignore_missing_files = false; x->remove_empty_directories = true; + x->children_only = false; x->recursive = true; x->one_file_system = false; diff --git a/src/remove.c b/src/remove.c index 3d386cf..eb05cb4 100644 --- a/src/remove.c +++ b/src/remove.c @@ -439,8 +439,10 @@ rm_fts (FTS *fts, FTSENT *ent, struct rm_options const *x) { /* POSIX says: If the basename of a command line argument is "." or "..", - diagnose it and do nothing more with that argument. */ - if (dot_or_dotdot (last_component (ent->fts_accpath))) + diagnose it and do nothing more with that argument. + FIXME: mention --children-only. */ + if (! x->children_only + && dot_or_dotdot (last_component (ent->fts_accpath))) { error (0, 0, _("refusing to remove %s or %s directory: skipping %s"), 
@@ -468,9 +470,17 @@ rm_fts (FTS *fts, FTSENT *ent, struct rm_options const *x) if (s == RM_OK && is_empty_directory == T_YES) { - /* When we know (from prompt when in interactive mode) - that this is an empty directory, don't prompt twice. */ - s = excise (fts, ent, x, true); + if (FTS_ROOTLEVEL == ent->fts_level && x->children_only) + { + error (0, 0, _("skipping %s, due to --children-only"), + quote (ent->fts_path)); + } + else + { + /* When we know (from prompt when in interactive mode) + that this is an empty directory, don't prompt twice. */ + s = excise (fts, ent, x, true); + } fts_skip_tree (fts, ent); } @@ -492,6 +502,15 @@ rm_fts (FTS *fts, FTSENT *ent, struct rm_options const *x) case FTS_NSOK: /* e.g., dangling symlink */ case FTS_DEFAULT: /* none of the above */ { + if (ent->fts_info == FTS_DP + && x->children_only + && FTS_ROOTLEVEL == ent->fts_level) + { + mark_ancestor_dirs (ent); + error (0, 0, _("skipping %s, due to --children-only"), + quote (ent->fts_path)); + return RM_OK; + } /* With --one-file-system, do not attempt to remove a mount point. fts' FTS_XDEV ensures that we don't process any entries under the mount point. */ diff --git a/src/remove.h b/src/remove.h index 9ac54d4..248a470 100644 --- a/src/remove.h +++ b/src/remove.h @@ -52,6 +52,10 @@ struct rm_options /* If true, remove empty directories. */ bool remove_empty_directories; + /* If true (and the -r option is also specified), remove all children + of directory arguments, yet retaining the directory itself. */ + bool children_only; + /* Pointer to the device and inode numbers of '/', when --recursive and preserving '/'. Otherwise NULL. */ struct dev_ino *root_dev_ino; diff --git a/src/rm.c b/src/rm.c index 7a51eef..0634855 100644 --- a/src/rm.c +++ b/src/rm.c @@ -51,6 +51,7 @@ enum ONE_FILE_SYSTEM, NO_PRESERVE_ROOT, PRESERVE_ROOT, + CHILDREN_ONLY, PRESUME_INPUT_TTY_OPTION }; 
@@ -78,6 +79,7 @@ static struct option const long_opts[] = {"recursive", no_argument, NULL, 'r'}, {"dir", no_argument, NULL, 'd'}, + {"children-only", no_argument, NULL, CHILDREN_ONLY}, {"verbose", no_argument, NULL, 'v'}, {GETOPT_HELP_OPTION_DECL}, {GETOPT_VERSION_OPTION_DECL}, @@ -156,6 +158,8 @@ Remove (unlink) the FILE(s).\n\ --preserve-root do not remove '/' (default)\n\ -r, -R, --recursive remove directories and their contents recursively\n\ -d, --dir remove empty directories\n\ + --children-only remove only children, yet retaining the given\n\ + directory arguments\n\ -v, --verbose explain what is being done\n\ "), stdout); fputs (HELP_OPTION_DESCRIPTION, stdout); @@ -192,6 +196,7 @@ rm_option_init (struct rm_options *x) x->interactive = RMI_SOMETIMES; x->one_file_system = false; x->remove_empty_directories = false; + x->children_only = false; x->recursive = false; x->root_dev_ino = NULL; x->stdin_tty = isatty (STDIN_FILENO); 
@@ -296,6 +301,10 @@ main (int argc, char **argv) preserve_root = true; break; + case CHILDREN_ONLY: + x.children_only = true; + break; + case PRESUME_INPUT_TTY_OPTION: x.stdin_tty = true; break; -- 1.8.4.2

From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 21 11:25:26 2013
Message-ID: <528E33EA.7050108@redhat.com>
Date: Thu, 21 Nov 2013 09:25:14 -0700
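Review bot: In the src/remove.c hunk at @@ -439,8 +439,10 @@, the new condition "! x->children_only && dot_or_dotdot (...)" switches off the refusal for a ".." basename as well as for ".", so with --children-only an argument such as ".." or "dir/.." is no longer diagnosed at this point and the traversal would start from the parent directory. The thread asks only for "." to be accepted, and the draft run exercises only /tmp/dir/. ; suggest lifting the refusal for "." alone and keeping it for "..", and resolving the "FIXME: mention --children-only" comment in the same change.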
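Review bot: In the src/remove.c hunks at @@ -468,9 +470,17 @@ and @@ -492,6 +502,15 @@, the retained directory is reported through error (0, 0, ...) while the status stays RM_OK, so a run that succeeds still writes "skipping %s, due to --children-only" to stderr, with or without -v. Scripts that treat any stderr output from rm as a failure will misread that; suggest printing the line only under -v, on the same stream as the "removed" lines. The FTS_ROOTLEVEL test and the message are also duplicated across the two hunks, and a small helper would keep the empty-directory path and the FTS_DP path from drifting apart.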
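Review bot: The comment added in src/remove.h says children_only applies only when -r is also specified, but the --help text added in src/rm.c ("remove only children, yet retaining the given directory arguments") does not say so, and the CHILDREN_ONLY case in main() sets the flag without looking at x.recursive. Suggest stating the -r requirement in the usage text, or diagnosing --children-only given without -r. The diffstat lists only src/mv.c, src/remove.c, src/remove.h and src/rm.c, so the change carries no documentation or test, and the commit message body is still FIXME.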
From: Eric Blake
Organization: Red Hat, Inc.
To: Bernhard Voelker
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
In-Reply-To: <528E325B.1090109@bernhard-voelker.de>
Cc: 15926@debbugs.gnu.org, Bob Proulx

On 11/21/2013 09:18 AM, Bernhard Voelker wrote:
> On 11/21/2013 04:06 PM, Eric Blake wrote:
>> Hard to say that it is considerable bloat without seeing a patch; we
>> already know when the top-level arguments are directories thanks to
>> 'rm -d'.
>
> Here's a draft - not tested more than this:

> +++ b/src/remove.h > @@ -52,6 +52,10 @@ struct rm_options > /* If true, remove empty directories. */ > bool remove_empty_directories; >=20 > + /* If true (and the -r option is also specified), remove all childre= n > + of directory arguments, yet retaining the directory itself. */ > + bool children_only;

Should --children-only imply -r, rather than being a no-op when -r is
missing?

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org

From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 21 11:34:37 2013
Message-ID: <528E360F.1090202@bernhard-voelker.de>
Date: Thu, 21 Nov 2013 17:34:23 +0100
From: Bernhard Voelker
To: Eric Blake
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
In-Reply-To: <528E33EA.7050108@redhat.com>
Cc: 15926@debbugs.gnu.org, Bob Proulx

On 11/21/2013 05:25 PM, Eric Blake wrote:
> On 11/21/2013 09:18 AM, Bernhard Voelker wrote:

>> + /* If true (and the -r option is also specified), remove all children >> + of directory arguments, yet retaining the directory itself. */ >> + bool children_only;

>
> Should --children-only imply -r, rather than being a no-op when -r is
> missing?

I thought about it, but as there's no way to --no-recursive,
the possibility to alias rm='/bin/rm --children-only' would be void.

There are surely other corner cases I didn't think about.
E.g. I was surprised to check for children-only in a second place
in the case "dir" is already empty.

Have a nice day,
Berny

From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 21 11:48:50 2013
Message-ID: <528E3969.4030104@redhat.com>
Date: Thu, 21 Nov 2013 09:48:41 -0700
From: Eric Blake
Organization: Red Hat, Inc.
To: Bernhard Voelker
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
In-Reply-To: <528E360F.1090202@bernhard-voelker.de>
Cc: 15926@debbugs.gnu.org, Bob Proulx

On 11/21/2013 09:34 AM, Bernhard Voelker wrote:
> On 11/21/2013 05:25 PM, Eric Blake wrote:
>> On 11/21/2013 09:18 AM, Bernhard Voelker wrote:
>>> + /* If true (and the -r option is also specified), remove all child= ren >>> + of directory arguments, yet
retaining the directory itself. */= >>> + bool children_only;
>>
>> Should --children-only imply -r, rather than being a no-op when -r is
>> missing?
>
> I thought about it, but as there's no way to --no-recursive,
> the possibility to alias rm='/bin/rm --children-only' would be void.

Good point (although someone using that as an alias for 'rm' is rather brave! I'd personally create an alias with a different name than rm to make it obvious that it doesn't remove the named argument; maybe alias empty='rm --children-only -r' so that 'empty dir' is a self-describing command to empty out the contents of dir). So I'm fine with your proposal of still needing an explicit -r for it to make a difference.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org

From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 21 12:02:38 2013
In-Reply-To: <528E325B.1090109@bernhard-voelker.de>
From: Jim Meyering
Date: Thu, 21 Nov 2013 09:02:07 -0800
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
To: Bernhard Voelker
Cc: 15926@debbugs.gnu.org, Eric Blake, Bob Proulx

On Thu, Nov 21, 2013 at 8:18 AM, Bernhard Voelker wrote:
> On 11/21/2013 04:06 PM, Eric Blake wrote:
>>
>> Hard to say that it is considerable bloat without seeing a patch; we
>> already know when the top-level arguments are directories thanks to 'rm
>> -d'.
>
>
> Here's a draft - not tested more than this:
>
> $ mkdir -p /tmp/dir /tmp/dir/sub
> $ touch /tmp/dir/file /tmp/dir/sub/other
>
> $ src/rm -rv --child /tmp/dir
> removed ‘/tmp/dir/file’
> removed ‘/tmp/dir/sub/other’
> removed directory: ‘/tmp/dir/sub’
> src/rm: skipping ‘/tmp/dir’, due to --children-only
>
> $ src/rm -rv --child /tmp/dir
> src/rm: skipping ‘/tmp/dir’, due to --children-only
>
> $ src/rm -rv --child /tmp/dir/.
> src/rm: skipping ‘/tmp/dir/.’, due to --children-only
>
>
> Have a nice day,
> Berny
>
> From 03d58cc281c6155d50be9b770bbac7bf73cdaf92 Mon Sep 17 00:00:00 2001
> From: Bernhard Voelker
> Date: Thu, 21 Nov 2013 17:11:27 +0100
> Subject: [PATCH] rm: add --children-only option
>
> FIXME
> ---
> src/mv.c | 1 +
> src/remove.c | 29 ++++++++++++++++++++++++-----
> src/remove.h | 4 ++++
> src/rm.c | 9 +++++++++
> 4 files changed, 38 insertions(+), 5 deletions(-)
>
> diff --git a/src/mv.c b/src/mv.c > index 1cfcd82..36e70a4 100644 > --- a/src/mv.c > +++ b/src/mv.c
> @@ -74,6 +74,7 @@ rm_option_init (struct rm_options *x) > { > x->ignore_missing_files =3D false; > x->remove_empty_directories =3D true; > + x->children_only =3D false; > x->recursive =3D true; > x->one_file_system =3D false; > > diff --git a/src/remove.c b/src/remove.c > index 3d386cf..eb05cb4 100644 > --- a/src/remove.c > +++ b/src/remove.c > @@ -439,8 +439,10 @@ rm_fts (FTS *fts, FTSENT *ent, struct rm_options con= st > *x) > { > > /* POSIX says: > If the basename of a command line argument is "." or "..", > - diagnose it and do nothing more with that argument. */ > - if (dot_or_dotdot (last_component (ent->fts_accpath))) > + diagnose it and do nothing more with that argument. > + FIXME: mention --children-only. */ > + if (! x->children_only > + && dot_or_dotdot (last_component (ent->fts_accpath))) > { > error (0, 0, > > _("refusing to remove %s or %s directory: skipping > %s"), > @@ -468,9 +470,17 @@ rm_fts (FTS *fts, FTSENT *ent, struct rm_options con= st > *x) > > if (s =3D=3D RM_OK && is_empty_directory =3D=3D T_YES) > { > - /* When we know (from prompt when in interactive mode) > - that this is an empty directory, don't prompt twice. */ > - s =3D excise (fts, ent, x, true); > + if (FTS_ROOTLEVEL =3D=3D ent->fts_level && x->children_only) > + { > + error (0, 0, _("skipping %s, due to --children-only"), > + quote (ent->fts_path)); > + } > + else > + { > + /* When we know (from prompt when in interactive mode) > + that this is an empty directory, don't prompt twice. = */ > + s =3D excise (fts, ent, x, true); > + } > fts_skip_tree (fts, ent); > } 
> > @@ -492,6 +502,15 @@ rm_fts (FTS *fts, FTSENT *ent, struct rm_options con= st > *x) > case FTS_NSOK: /* e.g., dangling symlink */ > case FTS_DEFAULT: /* none of the above */ > { > + if (ent->fts_info =3D=3D FTS_DP > + && x->children_only > + && FTS_ROOTLEVEL =3D=3D ent->fts_level) > + { > + mark_ancestor_dirs (ent); > + error (0, 0, _("skipping %s, due to --children-only"), > + quote (ent->fts_path)); > + return RM_OK; > + } > /* With --one-file-system, do not attempt to remove a mount poin= t. > fts' FTS_XDEV ensures that we don't process any entries under > the mount point. */ > diff --git a/src/remove.h b/src/remove.h > index 9ac54d4..248a470 100644 > --- a/src/remove.h > +++ b/src/remove.h > @@ -52,6 +52,10 @@ struct rm_options > /* If true, remove empty directories. */ > bool remove_empty_directories; > > + /* If true (and the -r option is also specified), remove all children > + of directory arguments, yet retaining the directory itself. */ > + bool children_only; > + > /* Pointer to the device and inode numbers of '/', when --recursive > and preserving '/'. Otherwise NULL. */ > struct dev_ino *root_dev_ino; > diff --git a/src/rm.c b/src/rm.c > index 7a51eef..0634855 100644 > --- a/src/rm.c > +++ b/src/rm.c > @@ -51,6 +51,7 @@ enum > ONE_FILE_SYSTEM, > NO_PRESERVE_ROOT, > PRESERVE_ROOT, > + CHILDREN_ONLY, > PRESUME_INPUT_TTY_OPTION > }; > > @@ -78,6 +79,7 @@ static struct option const long_opts[] =3D > > {"recursive", no_argument, NULL, 'r'}, > {"dir", no_argument, NULL, 'd'}, > + {"children-only", no_argument, NULL, CHILDREN_ONLY}, > {"verbose", no_argument, NULL, 'v'}, > {GETOPT_HELP_OPTION_DECL}, > {GETOPT_VERSION_OPTION_DECL}, 
> @@ -156,6 +158,8 @@ Remove (unlink) the FILE(s).\n\ > --preserve-root do not remove '/' (default)\n\ > -r, -R, --recursive remove directories and their contents > recursively\n\ > -d, --dir remove empty directories\n\ > + --children-only remove only children, yet retaining the given\n\ > + directory arguments\n\
...

Thanks for the quick work.
What do you think about saying something simple yet imprecise in --help, like
"when recursive, suppress removal of any directory named on the command line"
with the caveat that the texinfo doc would add precision: but a
command-line-specified directory may still end up being removed when it is
also a subdirectory of another command line argument.

From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 21 12:18:34 2013
Date: Thu, 21 Nov 2013 10:18:30 -0700
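Review bot: In the src/remove.c hunk at @@ -439,8 +439,10, the added "! x->children_only" test switches off the whole dot_or_dotdot refusal, so with --children-only a command-line argument whose last component is ".." is no longer refused at this point either, not only ".". The thread asks for recursion on "." alone; consider exempting just "." and keeping the diagnosis for "..", and resolve the "FIXME: mention --children-only" comment by stating which names are exempted and why.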
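Review bot: In the src/remove.c hunk at @@ -468,9 +470,17, the skip is reported through an unconditional error (0, 0, ...), so the expected outcome of --children-only is written as a diagnostic on every run rather than only when verbose output was requested. Consider reporting it only under -v, next to the "removed" messages; and since the same FTS_ROOTLEVEL test and "skipping %s, due to --children-only" string are repeated in the @@ -492,6 +502,15 hunk, factor both into one helper so the two paths cannot drift apart.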
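Review bot: In the src/remove.c hunk at @@ -492,6 +502,15, the early return for a root-level FTS_DP entry calls mark_ancestor_dirs (ent) and returns RM_OK with no comment on why ancestors are marked when nothing has failed, or on whether RM_OK is still the right status if a child of this directory could not be removed. Add a comment covering both, or drop the call if it is not needed for a command-line argument.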
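Review bot: In the src/rm.c usage hunk at @@ -156,6 +158,8, the help line for --children-only does not say that the option has no effect without -r, although the comment added to struct rm_options in src/remove.h says exactly that. State it in the help text, for example "with -r, remove only the contents of directory arguments". The commit message is still "FIXME" and the diffstat lists only mv.c, remove.c, remove.h and rm.c, so tests, NEWS and the texinfo description remain to be added.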
From: Bob Proulx
To: 15926@debbugs.gnu.org
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
Message-ID: <20131121171830.GC15837@hysteria.proulx.com>
In-Reply-To: <528E0D03.5000603@redhat.com>

Eric Blake wrote:
> But that's not what Linda is asking for. She is not asking to pull "."
> out of under her feet.

Actually as I understand it she is expecting the call to succeed if the system kernel allows it. I believe that is the way rm used to work before removing '.' was disallowed.

  mkdir /tmp/testdir
  cd /tmp/testdir
  rmdir /tmp/testdir
  echo $?
  0
  ls -ldog /tmp/testdir
  ls: cannot access /tmp/testdir: No such file or directory
  /bin/pwd
  /bin/pwd: couldn't find directory entry in ‘..’ with matching i-node

That is fine in a flow such as a test flow or other where the action is cleaning up on an exit for example. Or in other cases. It might be making a new directory and changing to it afterward. Or something else that makes sense in that case.

> Instead, she wants a command that will recursively remove the
> children of ".", but then leave "." itself unremoved (whether by
> virtue of the fact that rmdir(".") must fail

I am missing this part. Why must it fail? And in fact as per my test case above it succeeds.

> Right now, the nanny rule of POSIX is preventing the recursion, so
> you have to use contortions such as the POSIX 'find . -depth ! -name
> . -exec rm {} +'. So I think it IS useful to add an option that
> forces 'rm -r' to bypass the nanny rule and recurse on ".".

Agreed.

> Maybe naming it --no-preserve-dot is wrong. Maybe a better name is 'rm
> -r --children-only .'. At which point, I would much rather see us skip
> the rmdir(".") in order to allow rm to succeed. And it would also work
> even for non-dot situations: 'rm -r --children-only dir'. In other
> words, I _do_ see what Linda is asking for, and think it is worth providing.

Agreed. And I rather like the --children-only semantics you have proposed. It creates a generally useful behavior regardless of other things. It isn't quite the same as bypassing the nanny rule for '.' but it solves the issue while doing something generally useful at the same time. Have to like it when it is two birds with one stone. :-)

Bob

From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 21 12:34:40 2013
Message-ID: <528E442B.8070400@redhat.com>
Date: Thu, 21 Nov 2013 10:34:35 -0700
From: Eric Blake
Organization: Red Hat, Inc.
To: Bob Proulx, 15926@debbugs.gnu.org
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
In-Reply-To: <20131121171830.GC15837@hysteria.proulx.com>

On 11/21/2013 10:18 AM, Bob Proulx wrote:
>
>> Instead, she wants a command that will recursively remove the
>> children of ".", but then leave "." itself unremoved (whether by
>> virtue of the fact that rmdir(".") must fail
>
> I am missing this part. Why must it fail? And in fact as per my test
> case above it succeeds.

No, if there were no nanny rule, then there is a difference between:

  rm -r $PWD # Deletes dir out of under your feet, if allowed
  rm -r . # leaves dir empty

rmdir(pwd) can succeed (true on Linux; it can also fail if the system deems that a directory in use as a pwd can't be deleted - mingw is one such system)

rmdir(".") MUST fail (rmdir(2) can only delete a directory if specified by a non-. name)

Linda was asking to delete children but NOT the directory; she did NOT want to use 'rm -r $PWD' because that attempts (and may succeed) at deleting pwd. But she was ticked off that the nanny rules on "." prevented recursion from even being attempted.

>
> Agreed. And I rather like the --children-only semantics you have
> proposed. It creates a generally useful behavior regardless of other
> things. It isn't quite the same as bypassing the nanny rule for '.'

Indeed - and if we still keep the nanny rule, then Linda would have to use 'rm -r --children-only $PWD' because the nanny rule would block 'rm -r --children-only .'; but since --children-only takes us out of the realm of POSIX, we can also use it to skip the nanny rule.

> but it solves the issue while doing something generally useful at the
> same time. Have to like it when it is two birds with one stone. :-)

Yay - I'm glad that we appear to have come to what seems to be a useful conclusion.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org

From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 21 12:35:14 2013
Message-ID: <528E4448.6000001@draigBrady.com>
Date: Thu, 21 Nov 2013 17:35:04 +0000
From: Pádraig Brady
To: Eric Blake
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
In-Reply-To: <528E0D03.5000603@redhat.com>
Cc: 15926@debbugs.gnu.org, Bernhard Voelker, Bob Proulx

On 11/21/2013 01:39 PM, Eric Blake wrote:
> On 11/21/2013 12:12 AM, Bernhard Voelker wrote:
>
>>
>> Admittedly, compared to the academic question behind "--no-preserve-root"
>> (which is like "what happens to me when the globe under my feet disappears?"),
>> there may be more real-world reasons to remove ".".
>
> But that's not what Linda is asking for. She is not asking to pull "."
> out of under her feet. Instead, she wants a command that will
> recursively remove the children of ".", but then leave "." itself
> unremoved (whether by virtue of the fact that rmdir(".") must fail and
> so the overall rm command fails, or by explicitly skipping the attempt
> to rmdir(".") and letting rm succeed). Right now, the nanny rule of
> POSIX is preventing the recursion, so you have to use contortions such
> as the POSIX 'find . -depth ! -name . -exec rm {} +'. So I think it IS
> useful to add an option that forces 'rm -r' to bypass the nanny rule and
> recurse on ".".
>
> Maybe naming it --no-preserve-dot is wrong. Maybe a better name is 'rm
> -r --children-only .'. At which point, I would much rather see us skip
> the rmdir(".") in order to allow rm to succeed. And it would also work
> even for non-dot situations: 'rm -r --children-only dir'. In other
> words, I _do_ see what Linda is asking for, and think it is worth providing.

I'm not that enthusiastic for this new option, as I don't see it as specific to rm. I.E. other tools like chmod etc would have the same requirement, and they might be handled with various shell globbing constructs. Even more generally find(1) could be used to handle arbitrarily many files and commands that don't support recursion internally.

Could you explain why rm would get this and say chmod would not?

thanks,
Pádraig.
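
The distinction drawn in the messages above (recursing into "." is harmless, rmdir(".") must fail, rmdir() of the same directory under another name can succeed), together with a children-only walk that never touches the named directory, as an added C example that is not part of the thread or of coreutils. The function names, the scratch path under /tmp and the descriptor-relative traversal are this example's own choices; the tree mirrors the sample session quoted earlier.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Remove everything inside the directory open at DFD, whose ownership
   passes to this function.  Entries are addressed relative to the open
   directory, and symlinks are unlinked, never followed.  */
static int empty_dir_fd(int dfd)
{
    DIR *d = fdopendir(dfd);
    struct dirent *e;
    int status = 0;

    if (!d) {
        close(dfd);
        return -1;
    }
    while (status == 0 && (errno = 0, (e = readdir(d)) != NULL)) {
        struct stat st;

        if (strcmp(e->d_name, ".") == 0 || strcmp(e->d_name, "..") == 0)
            continue;
        if (fstatat(dirfd(d), e->d_name, &st, AT_SYMLINK_NOFOLLOW) != 0) {
            status = -1;
        } else if (S_ISDIR(st.st_mode)) {
            int sub = openat(dirfd(d), e->d_name,
                             O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
            if (sub < 0 || empty_dir_fd(sub) != 0
                || unlinkat(dirfd(d), e->d_name, AT_REMOVEDIR) != 0)
                status = -1;
        } else if (unlinkat(dirfd(d), e->d_name, 0) != 0) {
            status = -1;
        }
    }
    if (status == 0 && errno != 0)      /* readdir() itself failed */
        status = -1;
    closedir(d);
    return status;
}

/* Empty DIR but keep DIR itself: the children-only behaviour.  rmdir() is
   never attempted on DIR, so "." is a valid argument.  */
int remove_children_only(const char *dir)
{
    int dfd = open(dir, O_RDONLY | O_DIRECTORY);
    return dfd < 0 ? -1 : empty_dir_fd(dfd);
}

static int touch(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    return fd < 0 ? -1 : close(fd);
}

struct demo_result {
    int walk_status;  /* remove_children_only(".") */
    int dot_errno;    /* errno from rmdir("."), 0 if it succeeded */
    int abs_status;   /* rmdir() of the same directory by absolute path */
};

/* Build the tree from the thread's sample session under a scratch
   directory (constructed sample data) and run the three operations.  */
struct demo_result run_demo(void)
{
    struct demo_result r = { -1, 0, -1 };
    char top[] = "/tmp/children-only-XXXXXX";
    int home = open(".", O_RDONLY | O_DIRECTORY);  /* to restore the cwd */

    if (home < 0)
        return r;
    if (mkdtemp(top) && chdir(top) == 0 && mkdir("sub", 0700) == 0
        && touch("file") == 0 && touch("sub/other") == 0) {
        r.walk_status = remove_children_only(".");
        if (rmdir(".") != 0)
            r.dot_errno = errno;
        r.abs_status = rmdir(top);  /* succeeds only if present and empty */
    }
    if (fchdir(home) != 0)
        r.walk_status = -1;
    close(home);
    return r;
}

int main(void)
{
    struct demo_result r = run_demo();

    printf("walk on \".\": %d, rmdir(\".\"): %s, rmdir(absolute): %d\n",
           r.walk_status, r.dot_errno ? strerror(r.dot_errno) : "succeeded",
           r.abs_status);
    return 0;
}
```

The final rmdir() by absolute path succeeding shows that the walk left the directory present and empty. As noted in the thread, that last call can fail on systems that refuse to delete a directory in use as a working directory.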
From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 21 12:38:17 2013
Message-ID: <528E44FB.3080409@redhat.com>
Date: Thu, 21 Nov 2013 10:38:03 -0700
From: Eric Blake
Organization: Red Hat, Inc.
To: Pádraig Brady
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
In-Reply-To: <528E4448.6000001@draigBrady.com>
Cc: 15926@debbugs.gnu.org, Bernhard Voelker, Bob Proulx

On 11/21/2013 10:35 AM, Pádraig Brady wrote:
> as I don't see it as specific to rm.
> I.E. other tools like chmod etc would have the same requirement,
> and they might be handled with various shell globbing constructs.
> Even more generally find(1) could be used to handle arbitrarily
> many files and commands that don't support recursion internally.
>
> Could you explain why rm would get this and say chmod would not?

Ideally, any command that implements recursion should have the option to operate on children only. You are correct that rm should not be special in this regards, so yes, I think chmod should also get it.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org

From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 21 12:39:27 2013
Message-ID: <528E4544.6090902@redhat.com>
Date: Thu, 21 Nov 2013 10:39:16 -0700
From: Eric Blake
Organization: Red Hat, Inc.
To: Pádraig Brady
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
In-Reply-To: <528E44FB.3080409@redhat.com>
Cc: 15926@debbugs.gnu.org, Bernhard Voelker, Bob Proulx

On 11/21/2013 10:38 AM, Eric Blake wrote:
> On 11/21/2013 10:35 AM, Pádraig Brady wrote:
>> as I don't see it as specific to rm.
>> I.E. other tools like chmod etc would have the same requirement,
>> and they might be handled with various shell globbing constructs.
>> Even more generally find(1) could be used to handle arbitrarily
>> many files and commands that don't support recursion internally.
>>
>> Could you explain why rm would get this and say chmod would not?
>
> Ideally, any command that implements recursion should have the option to
> operate on children only. You are correct that rm should not be special
> in this regards, so yes, I think chmod should also get it.

Which says that maybe gnulib's fts module needs a new flag for recursion without visiting the root node, rather than adding ad-hoc root node exclusion into all clients.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org

From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 21 12:50:33 2013
Date: Thu, 21 Nov 2013 10:50:25 -0700
From: Bob Proulx To: 15926@debbugs.gnu.org Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call Message-ID: <20131121175025.GA27364@hysteria.proulx.com> References: <20131119204511.GA4448@hysteria.proulx.com> <528C1C2F.1060301@redhat.com> <528C5AA3.2050902@bernhard-voelker.de> <528CBCA1.70409@redhat.com> <528D4DC3.9060806@bernhard-voelker.de> <528D6ACE.9000604@redhat.com> <528DB26D.40307@bernhard-voelker.de> <528E0D03.5000603@redhat.com> <528E4448.6000001@draigBrady.com> <528E44FB.3080409@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <528E44FB.3080409@redhat.com> User-Agent: Mutt/1.5.21 (2010-09-15) X-Spam-Score: -0.5 (/) X-Debbugs-Envelope-To: 15926 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.5 (/) Eric Blake wrote: > Pádraig Brady wrote: > > as I don't see it as specific to rm. > > I.E. other tools like chmod etc would have the same requirement, > > and they might be handled with various shell globbing constructs. > > Even more generally find(1) could be used to handle arbitrarily > > many files and commands that don't support recursion internally. > > > > Could you explain why rm would get this and say chmod would not? Argh! Feature creep! The reason that rm should have it but chmod should not is that it is to work around the POSIX nanny rule around '.' and '..'. Chmod does not have such a nanny rule and therefore does not need that option. > Ideally, any command that implements recursion should have the option to > operate on children only. You are correct that rm should not be special > in this regards, so yes, I think chmod should also get it. This is actually the best argument against it. 
It is a slippery slope. Let's not implement 'find' all over again. Bob From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 21 12:55:10 2013 Received: (at 15926) by debbugs.gnu.org; 21 Nov 2013 17:55:10 +0000 Received: from localhost ([127.0.0.1]:37250 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VjYT7-0003tc-LV for submit@debbugs.gnu.org; Thu, 21 Nov 2013 12:55:10 -0500 Received: from ishtar.tlinx.org ([173.164.175.65]:57424) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VjYT4-0003tS-2K for 15926@debbugs.gnu.org; Thu, 21 Nov 2013 12:55:07 -0500 Received: from [192.168.4.12] (Athenae [192.168.4.12]) by Ishtar.tlinx.org (8.14.7/8.14.4/SuSE Linux 0.8) with ESMTP id rALHt2Ua029535; Thu, 21 Nov 2013 09:55:04 -0800 Message-ID: <528E48F6.30403@tlinx.org> Date: Thu, 21 Nov 2013 09:55:02 -0800 
From: Linda Walsh
To: Bob Proulx
Cc: 15926@debbugs.gnu.org
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 21/11/2013 09:18, Bob Proulx wrote:
> Eric Blake wrote:
>> But that's not what Linda is asking for. She is not asking to pull "."
>> out of under her feet.
>
> Actually as I understand it she is expecting the call to succeed if
> the system kernel allows it. I believe that is the way rm used to
> work before removing '.' was disallowed.
----
Um... I *expect* ".* to be unremovable.

The entries "." and ".." are required in all directories. These are
required for a properly structured directory.

The only way to remove "." and ".." entries in a directory is to remove
the directory name itself:

rm -fr /tmp/mytmp

would remove mytmp + any contents (including the structural entries
"." and ".." inside 'mytmp').

However, if I type "rm -fr /tmp/mytmp/."

As is implemented in most OS's, it would do a depth first traversal
removal. At least on linux, you couldn't remove "." as it is your
current position.

You can remove the directory which "." is in as you show below:
>
> mkdir /tmp/testdir
> cd /tmp/testdir
> rmdir /tmp/testdir
> echo $?
> 0
> ls -ldog /tmp/testdir
> ls: cannot access /tmp/testdir: No such file or directory
> /bin/pwd
> /bin/pwd: couldn't find directory entry in ‘..’ with matching i-node

So I expect anything containing "." foo/. to FAIL -- but only AFTER it
has already done depth first traversal. Adding the "-f" flag was to
silence the error and have the exit code set to '0' due to any failures.

Posix mandates checking "." *first*. when doing a recursive removal with
"-f".. So how about using -F as a gnu extension to ignore that case?

That POSIX would have declared "rm -fr ." illegal on nanny grounds goes
against the original spirit of why the "-f" flag was added in the 1st
place. It meant to "force" the issue, *if* possible (if permissions
allowed).

I have no issue with error messages due to permission problems -- as
they'd indicate the directory wasn't "cleaned out" -- "rm -fr ." was to
clean out the contents of a dir to ready it for some reuse.

So I propose adding a "-F" to force rm to adhere to its original
algorithm and override the POSIX restriction (as well as serving the
purpose of "-f" to force any removals).

>> Instead, she wants a command that will recursively remove the
>> children of ".", but then leave "." itself unremoved (whether by
>> virtue of the fact that rmdir(".") must fail
>
> I am missing this part. Why must it fail? And in fact as per my test
> case above it succeeds.
----
you didn't remove "." You removed the directory "." is contained in.

A direct removal of "." or ".." should be disallowed because they are a
required part of any directory. To remove them you must remove the
directory by name, but addressing the structural entries must fail.
Message-ID: <528E4A67.200@redhat.com>
Date: Thu, 21 Nov 2013 11:01:11 -0700
From: Eric Blake
Organization: Red Hat, Inc.
To: Bob Proulx, 15926@debbugs.gnu.org
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 11/21/2013 10:50 AM, Bob Proulx wrote:

>>> Could you explain why rm would get this and say chmod would not?
>
> Argh! Feature creep!

Maybe, but it certainly seems like a useful feature.

>
> The reason that rm should have it but chmod should not is that it is
> to work around the POSIX nanny rule around '.' and '..'. Chmod does
> not have such a nanny rule and therefore does not need that option.

chmod -r $mod . will change the permissions on '.'. POSIX has a nanny
rule about 'rm -r .', but it ALSO forbids rmdir("."). But the reason it
has no nanny rule for 'chmod -r .' is because chmod(".", mod) is allowed.
There is NO way with existing chmod to change the permissions on
children but not on chmod itself; you'd have to resort to
'find . -! -name . -exec chmod $mod {} +'. Doing a recursive action on
children only IS a useful paradigm in parent/child trees.

>
>> Ideally, any command that implements recursion should have the option to
>> operate on children only. You are correct that rm should not be special
>> in this regards, so yes, I think chmod should also get it.
>
> This is actually the best argument against it. It is a slippery
> slope. Let's not implement 'find' all over again.

If you are arguing that 'find' be the only program that implements
"recursion but leave the root alone", then Linda's counterargument of
needing a way to call remove() instead of unlink() when using 'rm'
instead of 'rm -r' is in effect; but we already demonstrated that our
extension of 'rm -d' serves that purpose. It's just that
'find . -depth -! -name . -exec rm -d {} +' is a lot more typing than
'rm -r --children-only .'.

At any rate, since both BSD and GNU rm had 'rm -d', I'm going to submit a
bug to POSIX to request its standardization.

-- 
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Message-ID: <528E4A7F.9090104@draigBrady.com>
Date: Thu, 21 Nov 2013 18:01:35 +0000
From: Pádraig Brady
To: Eric Blake
Cc: 15926@debbugs.gnu.org, Bernhard Voelker, Bob Proulx
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 11/21/2013 05:39 PM, Eric Blake wrote:
> On 11/21/2013 10:38 AM, Eric Blake wrote:
>> On 11/21/2013 10:35 AM, Pádraig Brady wrote:
>>> as I don't see it as specific to rm.
>>> I.E. other tools like chmod etc would have the same requirement,
>>> and they might be handled with various shell globbing constructs.
>>> Even more generally find(1) could be used to handle arbitrarily
>>> many files and commands that don't support recursion internally.
>>>
>>> Could you explain why rm would get this and say chmod would not?
>>
>> Ideally, any command that implements recursion should have the option to
>> operate on children only.
>> You are correct that rm should not be special
>> in this regards, so yes, I think chmod should also get it.
>
> Which says that maybe gnulib's fts module needs a new flag for recursion
> without visiting the root node, rather than adding ad-hoc root node
> exclusion into all clients.

That would be the right way to implement it,
_but_ the disadvantage is that this filtering option
is exposed to the users for all these commands.
I'm not sure it's useful enough functionality to expose,
and personally I'd use something like:

  children() { find "$1" -maxdepth 1 -mindepth 1; }
or
  children() { find "$1" | sed '1d'; }

and then...

  children $dir | xargs rm -r

cheers,
Pádraig.

Message-ID: <528E4B52.6010404@tlinx.org>
Date: Thu, 21 Nov 2013 10:05:06 -0800
From: Linda Walsh
To: Bob Proulx
Cc: 15926@debbugs.gnu.org
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 21/11/2013 09:50, Bob Proulx wrote:
> Eric Blake wrote:
>> Pádraig Brady wrote:
>>> as I don't see it as specific to rm.
>>> I.E. other tools like chmod etc would have the same requirement,
>>> and they might be handled with various shell globbing constructs.
>>> Even more generally find(1) could be used to handle arbitrarily
>>> many files and commands that don't support recursion internally.
>>>
>>> Could you explain why rm would get this and say chmod would not?
>
> Argh! Feature creep!
>
> The reason that rm should have it but chmod should not is that it is
> to work around the POSIX nanny rule around '.' and '..'. Chmod does
> not have such a nanny rule and therefore does not need that option.
...
> This is actually the best argument against it. It is a slippery
> slope. Let's not implement 'find' all over again.
----
Let's just use '-F' to force "rm" to adhere to its original depth first
path examination. "-F" disallows applying any path related rules until
AFTER depth-first recursive execution has been completed on the path.

Message-ID: <528E4BB1.9010002@redhat.com>
Date: Thu, 21 Nov 2013 11:06:41 -0700
From: Eric Blake
Organization: Red Hat, Inc.
To: Pádraig Brady
Cc: 15926@debbugs.gnu.org, Bernhard Voelker, Bob Proulx
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 11/21/2013 11:01 AM, Pádraig Brady wrote:
> I'm not sure it's useful enough functionality to expose,
> and personally I'd use something like:
>
> children() { find "$1" -maxdepth 1 -mindepth 1; }
> or
> children() { find "$1" | sed '1d'; }
>
> and then...
>
> children $dir | xargs rm -r

Except that it falls over in the presence of file names with newline, so
you have to get fancier with find -print0 and xargs -0 to be robust.

-- 
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
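The failure Eric Blake describes above (a newline-delimited `find | xargs` list splitting one file name into several operands) next to the `find -print0` / `xargs -0` form he recommends, as an added example that is not part of the thread. The function names and the sample tree are constructed for illustration, and GNU findutils is assumed.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.
# Assumes GNU findutils (-mindepth/-maxdepth, -print0, xargs -0 and -r).

nl='
'

# Build a constructed sample tree and print its root directory:
#   ROOT/keep           sibling file that must survive the cleanup
#   ROOT/work/a\nkeep   ONE file whose name contains a newline
#   ROOT/work/sub/f     a subdirectory with content
make_sample_tree() {
  root=$(mktemp -d) || return 1
  mkdir -p "$root/work/sub" || return 1
  : > "$root/work/sub/f"
  : > "$root/keep"
  : > "$root/work/a${nl}keep"
  printf '%s\n' "$root"
}

# Print how many operands a command would receive for the children of $2.
#   naive: newline-delimited list, as produced by children() in the thread
#   nul:   NUL-delimited list (find -print0 | xargs -0)
# With the naive list, the name "a\nkeep" becomes two operands, and the
# second one ("keep") is resolved relative to the current directory.
count_operands() {
  case $1 in
    naive) find "$2" -mindepth 1 -maxdepth 1 |
             xargs -r -n 1 sh -c 'printf x' sh ;;
    nul)   find "$2" -mindepth 1 -maxdepth 1 -print0 |
             xargs -0 -r -n 1 sh -c 'printf x' sh ;;
  esac | wc -c | tr -d ' '
}

# Remove everything inside directory $1 but leave $1 itself in place.
rm_children() {
  [ -d "$1" ] || { echo "rm_children: not a directory: $1" >&2; return 1; }
  # Keep find from parsing a leading '-' in the name as an option.
  case $1 in -*) set -- "./$1" ;; esac
  # -r: do not run rm at all when the directory is already empty.
  # --: the paths that follow are operands, never options.
  find "$1" -mindepth 1 -maxdepth 1 -print0 | xargs -0 -r rm -rf --
}

# Usage:
#   root=$(make_sample_tree)
#   count_operands naive "$root/work"   # one operand too many
#   count_operands nul "$root/work"     # one operand per child
#   rm_children "$root/work"
```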
Message-ID: <528E66BA.30002@redhat.com>
Date: Thu, 21 Nov 2013 13:02:02 -0700
From: Eric Blake
Organization: Red Hat, Inc.
To: Pádraig Brady, Linda Walsh
Cc: 15926@debbugs.gnu.org
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 11/19/2013 05:15 AM, Pádraig Brady wrote:
>> So how about upgrading 'rm' to use the remove function so
>> it would work on empty directories as well.
>
> Well we have the -d option to rm to explicitly do that.
> That's a fairly fundamental change that would have backwards compat issues.
> POSIX is explicit in the handling of directories also:
> http://pubs.opengroup.org/onlinepubs/9699919799/utilities/rm.html

I've filed a bug against POSIX requesting the standardization of 'rm -d':
http://austingroupbugs.net/view.php?id=802

-- 
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Message-ID: <528F709B.7040106@bernhard-voelker.de>
Date: Fri, 22
 Nov 2013 15:56:27 +0100
From: Bernhard Voelker
To: Jim Meyering
Cc: 15926 <15926@debbugs.gnu.org>, Eric Blake, Bob Proulx
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 11/21/2013 05:11 PM, Jim Meyering wrote:
> Thanks for doing that.
> I was a little surprised to see an rm diagnostic change, but no
> corresponding change in any test. Perhaps an opportunity for
> increased test coverage?

Sure! ;-)

Have a nice day,
Berny

From 2fa074ebd43cbfea0f6b4bc92a4099a273458562 Mon Sep 17 00:00:00 2001
From: Bernhard Voelker Date: Fri, 22 Nov 2013 15:54:06 +0100 Subject: [PATCH] tests: enhance rm test regarding "." and ".." Recent commit 2da7009d changed the error diagnostic of rm(1) trying to remove "." or "..". Enhance the corresponding test. * tests/rm/r-4.sh: Ensure rm(1) outputs the expected error diagnostic. --- tests/rm/r-4.sh | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/tests/rm/r-4.sh b/tests/rm/r-4.sh index 94702a6..a3ceaf9 100755 --- a/tests/rm/r-4.sh +++ b/tests/rm/r-4.sh 
@@ -22,11 +22,26 @@ print_ver_ rm mkdir d || framework_failure_ touch d/a || framework_failure_ -rm -fr d/. 2>/dev/null && fail=1 -rm -fr d/./ 2>/dev/null && fail=1 -rm -fr d/.//// 2>/dev/null && fail=1 -rm -fr d/.. 2>/dev/null && fail=1 -rm -fr d/../ 2>/dev/null && fail=1 +# Expected error diagnostic as grep pattern. +exp="^rm: refusing to remove '\.' or '\.\.' directory: skipping '.*'\$" + +rmtest() +{ + # Try removing - expecting failure. + rm -fr "$1" 2> err && fail=1 + + # Ensure the expected error diagnostic is output. + grep "$exp" err || { cat err; fail=1; } + + return $fail +} + +rmtest 'd/.' || fail=1 +rmtest 'd/./' || fail=1 +rmtest 'd/.////' || fail=1 +rmtest 'd/..' || fail=1 +rmtest 'd/../' || fail=1 + # This test is too dangerous -- if there's a bug you're wiped out! # rm -fr / 2>/dev/null && fail=1 -- 1.8.4.2 From debbugs-submit-bounces@debbugs.gnu.org Fri Nov 22 10:14:25 2013 Received: (at 15926) by debbugs.gnu.org; 22 Nov 2013 15:14:25 +0000 Received: from localhost ([127.0.0.1]:38888 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VjsR2-0006QK-PV for submit@debbugs.gnu.org; Fri, 22 Nov 2013 10:14:24 -0500 Received: from mx1.redhat.com ([209.132.183.28]:62702) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VjsQx-0006Q7-5m for 15926@debbugs.gnu.org; Fri, 22 Nov 2013 10:14:19 -0500 Received: from int-mx01.intmail.prod.int.phx2.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id rAMFE7xD018918 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 22 Nov 2013 10:14:07 -0500 Received: from [10.3.113.132] (ovpn-113-132.phx2.redhat.com [10.3.113.132]) by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id rAMFE6jG017362; Fri, 22 Nov 2013 10:14:06 -0500 Message-ID: <528F74BE.9030603@redhat.com> Date: Fri, 22 Nov 2013 08:14:06 -0700 
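Review bot: rmtest() checks the exit status and the diagnostic but never confirms that nothing was deleted. After each refused removal the file created by `touch d/a` should still exist, so a `test -f d/a || fail=1` inside the helper would catch an rm that prints the refusal yet has already removed the directory's contents. The pattern in `exp` also ends in `skipping '.*'`, which accepts any operand name and any extra stderr lines; building the expected line from "$1" and comparing err against it exactly would tie the diagnostic to the argument under test. Minor: grep writes the matched line to stdout on success, so redirecting it to /dev/null would keep the test log quiet.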
From: Eric Blake
Organization: Red Hat, Inc.
To: Bernhard Voelker, Jim Meyering
Cc: 15926 <15926@debbugs.gnu.org>, Bob Proulx
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
In-Reply-To: <528F709B.7040106@bernhard-voelker.de>

On 11/22/2013 07:56 AM, Bernhard Voelker wrote:
> On 11/21/2013 05:11 PM, Jim Meyering wrote:
>> Thanks for doing that.
>> I was a little surprised to see an rm diagnostic change, but no
>> corresponding change in any test. Perhaps an opportunity for
>> increased test coverage?
>
> Sure! ;-)
>

Just noticing this context...

>
> # This test is too dangerous -- if there's a bug you're wiped out!
> # rm -fr / 2>/dev/null && fail=1

What if we use chroot to create a safer /, where failing the test would
only wipe out the chroot?

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org

From debbugs-submit-bounces@debbugs.gnu.org Fri Nov 22 10:17:56 2013
Message-ID: <528F7591.7080608@draigBrady.com>
Date: Fri, 22 Nov 2013 15:17:37 +0000
From: Pádraig Brady
To: Bernhard Voelker
Cc: 15926 <15926@debbugs.gnu.org>
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
In-Reply-To: <528F709B.7040106@bernhard-voelker.de>

On 11/22/2013 02:56 PM, Bernhard Voelker wrote:
> On 11/21/2013 05:11 PM, Jim Meyering wrote:
>> Thanks for doing that.
>> I was a little surprised to see an rm diagnostic change, but no
>> corresponding change in any test. Perhaps an opportunity for
>> increased test coverage?
>
> Sure! ;-)
>
> Have a nice day,
> Berny
>
> From 2fa074ebd43cbfea0f6b4bc92a4099a273458562 Mon Sep 17 00:00:00 2001
> From: Bernhard Voelker > Date: Fri, 22 Nov 2013 15:54:06 +0100 > Subject: [PATCH] tests: enhance rm test regarding "." and ".." > > Recent commit 2da7009d changed the error diagnostic of rm(1) trying > to remove "." or "..". Enhance the corresponding test. > > * tests/rm/r-4.sh: Ensure rm(1) outputs the expected error diagnostic. > --- > tests/rm/r-4.sh | 25 ++++++++++++++++++++----- > 1 file changed, 20 insertions(+), 5 deletions(-) > > diff --git a/tests/rm/r-4.sh b/tests/rm/r-4.sh > index 94702a6..a3ceaf9 100755 > --- a/tests/rm/r-4.sh > +++ b/tests/rm/r-4.sh 
> @@ -22,11 +22,26 @@ print_ver_ rm > mkdir d || framework_failure_ > touch d/a || framework_failure_ > > -rm -fr d/. 2>/dev/null && fail=1 > -rm -fr d/./ 2>/dev/null && fail=1 > -rm -fr d/.//// 2>/dev/null && fail=1 > -rm -fr d/.. 2>/dev/null && fail=1 > -rm -fr d/../ 2>/dev/null && fail=1 > +# Expected error diagnostic as grep pattern. > +exp="^rm: refusing to remove '\.' or '\.\.' directory: skipping '.*'\$" > + > +rmtest() > +{ > + # Try removing - expecting failure. > + rm -fr "$1" 2> err && fail=1 > + > + # Ensure the expected error diagnostic is output. > + grep "$exp" err || { cat err; fail=1; } > + > + return $fail > +} > + > +rmtest 'd/.' || fail=1 > +rmtest 'd/./' || fail=1 > +rmtest 'd/.////' || fail=1 > +rmtest 'd/..' || fail=1 > +rmtest 'd/../' || fail=1 +1 thanks! Pádraig From debbugs-submit-bounces@debbugs.gnu.org Fri Nov 22 10:37:12 2013 Received: (at 15926) by debbugs.gnu.org; 22 Nov 2013 15:37:12 +0000 Received: from localhost ([127.0.0.1]:38919 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VjsnA-000722-0d for submit@debbugs.gnu.org; Fri, 22 Nov 2013 10:37:12 -0500 Received: from moutng.kundenserver.de ([212.227.126.186]:55393) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Vjsn7-00070w-DM for 15926@debbugs.gnu.org; Fri, 22 Nov 2013 10:37:10 -0500 Received: from [10.0.2.15] (gw.camline.com [62.153.148.194]) by mrelayeu.kundenserver.de (node=mreu0) with ESMTP (Nemesis) id 0M0e3W-1VOUt10wn8-00uuqj; Fri, 22 Nov 2013 16:36:53 +0100 Message-ID: <528F7A07.6000103@bernhard-voelker.de> Date: Fri, 22 Nov 2013 16:36:39 +0100 
From: Bernhard Voelker
To: Eric Blake, Jim Meyering
Cc: 15926 <15926@debbugs.gnu.org>, Bob Proulx
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
In-Reply-To: <528F74BE.9030603@redhat.com>

On 11/22/2013 04:14 PM, Eric Blake wrote:
> Just noticing this context...
>
>>
>> # This test is too dangerous -- if there's a bug you're wiped out!
>> # rm -fr / 2>/dev/null && fail=1
>
> What if we use chroot to create a safer /, where failing the test would
> only wipe out the chroot?

That's not that easy.
Alternatively, that test could be secured by "skip_if_root_"
plus intercepting the unlinkat() call via LD_PRELOAD.

Have a nice day,
Berny

From debbugs-submit-bounces@debbugs.gnu.org Fri Nov 22 10:42:14 2013
Message-ID: <528F7B4C.8080102@redhat.com>
Date: Fri, 22 Nov 2013 08:42:04 -0700
From: Eric Blake
Organization: Red Hat, Inc.
To: Bernhard Voelker, Jim Meyering
Cc: 15926 <15926@debbugs.gnu.org>, Bob Proulx
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
In-Reply-To: <528F7A07.6000103@bernhard-voelker.de>

On 11/22/2013 08:36 AM, Bernhard Voelker wrote:
> On 11/22/2013 04:14 PM, Eric Blake wrote:
>> Just noticing this context...
>>
>>>
>>> # This test is too dangerous -- if there's a bug you're wiped out!
>>> # rm -fr / 2>/dev/null && fail=1
>>
>> What if we use chroot to create a safer /, where failing the test would
>> only wipe out the chroot?
>
> That's not that easy.
> Alternatively, that test could be secured by "skip_if_root_"
> plus intercepting the unlinkat() call via LD_PRELOAD.

Indeed, LD_PRELOAD is great for this - since the test passes when no
unlink/rmdir occurs, you just make the intercepts fail loudly if they
are invoked.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org

From debbugs-submit-bounces@debbugs.gnu.org Fri Nov 22 11:05:09 2013
In-Reply-To: <528F709B.7040106@bernhard-voelker.de>
From: Jim Meyering
Date: Fri, 22 Nov 2013 08:04:32 -0800
To: Bernhard Voelker
Cc: 15926 <15926@debbugs.gnu.org>
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On Fri, Nov 22, 2013 at 6:56 AM, Bernhard Voelker wrote:
> On 11/21/2013 05:11 PM, Jim Meyering wrote:
>>
>> Thanks for doing that.
>> I was a little surprised to see an rm diagnostic change, but no
>> corresponding change in any test. Perhaps an opportunity for
>> increased test coverage?
>
> Sure! ;-)
...
> Subject: [PATCH] tests: enhance rm test regarding "." and ".."
>
> Recent commit 2da7009d changed the error diagnostic of rm(1) trying
> to remove "." or "..". Enhance the corresponding test.
>
> * tests/rm/r-4.sh: Ensure rm(1) outputs the expected error diagnostic.

Looks good. Thank you!

From debbugs-submit-bounces@debbugs.gnu.org Fri Nov 22 11:28:28 2013
Message-ID: <528F8610.6060602@bernhard-voelker.de>
Date: Fri, 22 Nov 2013 17:28:00 +0100
From: Bernhard Voelker
To: Jim Meyering, Pádraig Brady
Cc: 15926 <15926@debbugs.gnu.org>
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 11/22/2013 05:04 PM, Jim Meyering wrote:
> Looks good. Thank you!

Thank you (both!) for the review.
Pushed; http://git.sv.gnu.org/cgit/coreutils.git/commit/?id=2fa074eb

Have a nice day,
Berny

From debbugs-submit-bounces@debbugs.gnu.org Fri Nov 22 12:39:32 2013
Date: Fri, 22 Nov 2013 10:39:22 -0700
From: Bob Proulx
To: 15926 <15926@debbugs.gnu.org>
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
Message-ID: <20131122173922.GA26828@hysteria.proulx.com>
In-Reply-To: <528F7B4C.8080102@redhat.com>

Eric Blake wrote:
> Bernhard Voelker wrote:
> > Eric Blake wrote:
> >> Just noticing this context...
> >>> # This test is too dangerous -- if there's a bug you're wiped out!
> >>> # rm -fr / 2>/dev/null && fail=1
> >>
> >> What if we use chroot to create a safer /, where failing the test would
> >> only wipe out the chroot?
> >
> > That's not that easy.

I think that it would be too complicated to be desired in the test suite.

> > Alternatively, that test could be secured by "skip_if_root_"
> > plus intercepting the unlinkat() call via LD_PRELOAD.
>
> Indeed, LD_PRELOAD is great for this - since the test passes when no
> unlink/rmdir occurs, you just make the intercepts fail loudly if they
> are invoked.

Please make sure that if the LD_PRELOAD functionality fails that this
test is not run. Since it would be a live fire exercise and if
LD_PRELOAD doesn't function then the test would wipe the system out.
I don't think it is worth the risk for this piece of functionality.

Bob

From debbugs-submit-bounces@debbugs.gnu.org Fri Nov 22 20:02:37 2013
Message-ID: <528FFEA0.8050708@bernhard-voelker.de>
Date: Sat, 23 Nov 2013 02:02:24 +0100
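The condition raised in the message above (no live run unless LD_PRELOAD is shown to work) can be enforced by a pre-flight that fails closed. The following is an added example, not code from this thread or from coreutils: one C file that builds both as the preload object, guarding unlinkat(), unlink() and rmdir(), and as a checker that runs rm on a scratch tree first. The names rm_guard.c, RM_GUARD_EVIDENCE, GUARD_EXIT and preflight() are assumptions made for the example.

```c
/* rm_guard.c: added example, not code from the thread or from coreutils.
   Preload object:  gcc -shared -fPIC rm_guard.c -o rm_guard.so
   Pre-flight tool: gcc rm_guard.c -o rm_guard_check
   Run as:          ./rm_guard_check ./rm_guard.so rm */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#define GUARD_EXIT 99 /* status meaning "a removal call was attempted" */
enum { PREFLIGHT_PROVEN = 0, PREFLIGHT_UNPROVEN = 1 };

/* Record which entry point fired and on which path, then stop at once.
   RM_GUARD_EVIDENCE is a variable name invented for this example. */
static void guard_trip(const char *func, const char *path)
{
    const char *ev = getenv("RM_GUARD_EVIDENCE");
    int fd = open(ev ? ev : "rm_guard.evidence",
                  O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd >= 0) {
        dprintf(fd, "%s %s\n", func, path);
        close(fd);
    }
    _exit(GUARD_EXIT);
}

/* Interposed entry points: none of them reaches the kernel. */
int unlinkat(int dirfd, const char *path, int flags)
{
    (void)dirfd;
    (void)flags;
    guard_trip("unlinkat", path);
    return -1;
}
int unlink(const char *path) { guard_trip("unlink", path); return -1; }
int rmdir(const char *path) { guard_trip("rmdir", path); return -1; }

/* Cleanup has to bypass the guarded libc names, so use the raw system call. */
static void raw_remove(const char *path, int flags)
{
    (void)syscall(SYS_unlinkat, AT_FDCWD, path, flags);
}

/* Run "RM -rf" on a scratch tree with the guard preloaded. Interception is
   proven only if rm exits with GUARD_EXIT, the tree is intact and the
   evidence file exists; any other outcome means the live case must not run. */
int preflight(const char *guard_so, const char *rm_prog)
{
    char base[] = "/tmp/rm_guard.XXXXXX";
    char tree[64], victim[128], evidence[64];
    int status = 0, proven = 0, fd;
    pid_t pid;

    if (!mkdtemp(base))
        return PREFLIGHT_UNPROVEN;
    snprintf(tree, sizeof tree, "%s/tree", base);
    snprintf(victim, sizeof victim, "%s/victim", tree);
    snprintf(evidence, sizeof evidence, "%s/evidence", base);

    if (mkdir(tree, 0700) == 0
        && (fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600)) >= 0) {
        close(fd);
        pid = fork();
        if (pid == 0) {
            setenv("LD_PRELOAD", guard_so, 1);
            setenv("RM_GUARD_EVIDENCE", evidence, 1);
            execlp(rm_prog, rm_prog, "-rf", tree, (char *)NULL);
            _exit(127); /* exec failed */
        }
        if (pid > 0 && waitpid(pid, &status, 0) == pid)
            proven = WIFEXITED(status) && WEXITSTATUS(status) == GUARD_EXIT
                     && access(victim, F_OK) == 0
                     && access(evidence, F_OK) == 0;
    }
    raw_remove(evidence, 0);
    raw_remove(victim, 0);
    raw_remove(tree, AT_REMOVEDIR);
    raw_remove(base, AT_REMOVEDIR);
    return proven ? PREFLIGHT_PROVEN : PREFLIGHT_UNPROVEN;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s GUARD.so RM\n", argv[0]);
        return 2;
    }
    if (preflight(argv[1], argv[2]) != PREFLIGHT_PROVEN) {
        fputs("interception not proven: skip the live-fire case\n", stderr);
        return 77; /* status that Automake-style harnesses report as skipped */
    }
    return 0;
}
```

A preload path that cannot be loaded lets rm delete the scratch tree, so the checker reports "not proven"; that is exactly the situation in which the live test has to be skipped.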
From: Bernhard Voelker
To: Bob Proulx
Cc: 15926 <15926@debbugs.gnu.org>, Pádraig Brady, Eric Blake, Jim Meyering
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
In-Reply-To: <20131122173922.GA26828@hysteria.proulx.com>

On 11/22/2013 06:39 PM, Bob Proulx wrote:
> Eric Blake wrote:
>> Bernhard Voelker wrote:
>>> Eric Blake wrote:
>>>> Just noticing this context...
>>>>> # This test is too dangerous -- if there's a bug you're wiped out!
>>>>> # rm -fr / 2>/dev/null && fail=1
>>>>
>>>> What if we use chroot to create a safer /, where failing the test would
>>>> only wipe out the chroot?
>>>
>>> That's not that easy.
> > I think that it would be too complicated to be desired in the test suite. > >>> Alternatively, that test could be secured by "skip_if_root_" >>> plus intercepting the unlinkat() call via LD_PRELOAD. >> >> Indeed, LD_PRELOAD is great for this - since the test passes when no >> unlink/rmdir occurs, you just make the intercepts fail loudly if they >> are invoked. > > Please make sure that if the LD_PRELOAD functionality fails that this > test is not run. Since it would be a live fire exercise and if > LD_PRELOAD doesn't function then the test would wipe the system out. > I don't think it is worth the risk for this piece of functionality. Sure, I tried to make it as defensive as possible. WDYT? Have a nice day, Berny >From a87e3d0a8417648e65ee077ca6f70d5d19fa757a Mon Sep 17 00:00:00 2001 From: Bernhard Voelker Date: Sat, 23 Nov 2013 01:55:36 +0100 Subject: [PATCH] tests: add a test for rm -rf "/" * tests/rm/rm-root.sh: Add a non-root test. * tests/local.mk (all_tests): Mention the test. --- tests/local.mk | 1 + tests/rm/rm-root.sh | 159 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 160 insertions(+) create mode 100755 tests/rm/rm-root.sh diff --git a/tests/local.mk b/tests/local.mk index 3c92425..1837690 100644 --- a/tests/local.mk +++ b/tests/local.mk @@ -208,6 +208,7 @@ all_tests = \ tests/rm/rm3.sh \ tests/rm/rm4.sh \ tests/rm/rm5.sh \ + tests/rm/rm-root.sh \ tests/rm/sunos-1.sh \ tests/rm/unread2.sh \ tests/rm/unread3.sh \ diff --git a/tests/rm/rm-root.sh b/tests/rm/rm-root.sh new file mode 100755 index 0000000..3882289 --- /dev/null +++ b/tests/rm/rm-root.sh 
@@ -0,0 +1,159 @@ +#!/bin/sh +# Try to remove '/' recursively. + +# Copyright (C) 2013 Free Software Foundation, Inc. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src +print_ver_ rm + +# POSIX mandates rm(1) to skip '/' arguments. This test verifies this mandated +# behavior as well as the --preserve-root and --no-preserve-root options. +# Especially the latter case is a live fire exercise as rm(1) is supposed to +# enter the unlinkat() system call. Therefore, limit the risk as much +# as possible -- if there's a bug this test would wipe the system out! + +# Faint-hearted: skip this test for the 'root' user. +skip_if_root_ + +# Pull rm(1) the teeth by intercepting the unlinkat() system call via the +# LD_PRELOAD environment variable. This requires shared libraries to work. +require_gcc_shared_ + +cat > k.c <<'EOF' || framework_failure_ +#include +#include +#include + +int unlinkat(int dirfd, const char *pathname, int flags) +{ + /* Prove that LD_PRELOAD works. */ + fclose (fopen ("x", "w")); + + /* Immediately terminate. */ + _exit(0); +} +EOF + +# Then compile/link it: +gcc -Wall --std=gnu99 -shared -fPIC -ldl -O2 k.c -o k.so \ + || framework_failure_ 'failed to build shared library' + +# Verify that "rm -rf dir" basically works. 
+mkdir dir || framework_failure_ +rm -rf dir || framework_failure_ +test -d dir && framework_failure_ + +# Now verify that intercepting unlinkat() works: +# rm(1) must succeed as before, but this time both the evidence file "x" +# and the test directory "dir" must exist afterwards. +mkdir dir || framework_failure_ +LD_PRELOAD=./k.so \ +rm -rf dir || framework_failure_ +test -d dir || skip_ "internal test failure: maybe LD_PRELOAD doesn't work?" +test -f x || skip_ "internal test failure: maybe LD_PRELOAD doesn't work?" + +# Remove the evidence file "x"; verify that. +rm x || framework_failure_ +test -f x && framework_failure_ + +#------------------------------------------------------------------------------- +# exercise_rm_rf_root: shell function to test "rm -rf '/'" +# Paranoia mode on: +# For the worst case where both rm(1) would fail to refuse to process the "/" +# argument (in the cases without the --no-preserve-root option), and +# intercepting the unlinkat(1) system call would fail (which actually already +# has been proven to work above), limit the damage to the current file system +# via the --one-file-system option. +# Furthermore, run rm(1) in the background and kill that process after +# a maximum of 1 second or when the evidence file appears. This also +# shortens the testing time. +exercise_rm_rf_root () +{ + local pid + LD_PRELOAD=./k.so \ + rm -rfv --one-file-system $1 '/' > out 2> err & pid=$! + + # Wait for the evidence file to appear, or until the process has terminated. + for i in $(seq 10); do + test -f x && break + kill -0 $pid || break + sleep .1 + done + + # At this point, rm(1) usually has already terminated. Kill it anyway. + kill -9 $pid + + # Get the exit status. + wait $pid + + return $? +} + +# "rm -rf /" without --no-preserve-root should output the following +# diagnostic error message. 
+cat < exp || framework_failure_ +rm: it is dangerous to operate recursively on '/' +rm: use --no-preserve-root to override this failsafe +EOD + +#------------------------------------------------------------------------------- +# Exercise "rm -rf /" without the --preserve-root and --no-preserve-root option. +# Expect a non-Zero exist status. +exercise_rm_rf_root \ + && fail=1 + +# Expect nothing in 'out' and the above error diagnostic in 'err'. +# As rm(1) should have skipped the "/" argument, it does not call unlinkat(). +# Therefore, the evidence file "x" should not exist. +compare /dev/null out || fail=1 +compare exp err || fail=1 +test -f x && fail=1 + +# Do nothing more if this test failed. +test $fail = 1 && { cat out; cat err; Exit $fail; } + +#------------------------------------------------------------------------------- +# Exercise "rm -rf --preserve-root /" which should behave the same as above. +exercise_rm_rf_root --preserve-root \ + && fail=1 + +compare /dev/null out || fail=1 +compare exp err || fail=1 +test -f x && fail=1 + +# Do nothing more if this test failed. +test $fail = 1 && { cat out; cat err; Exit $fail; } + +#------------------------------------------------------------------------------- +# Until now, it was all just fun. +# Now exercise the --no-preserve-root option with which rm(1) should enter +# the intercepted unlinkat() system call. +# As the interception code terminates the process immediately via _exit(0), +# the exist status should be 0. +exercise_rm_rf_root --no-preserve-root \ + || fail=1 + +# The 'err' file should not contain the above error diagostic. +grep "^rm: it is dangerous to operate recursively on '/'" err \ + && fail=1 + +# Instead, rm(1) should have called the intercepted unlinkat() function, +# i.e. the evidence file "x" should exist. 
+test -f x || fail=1 + +test $fail = 1 && { cat out; cat err; Exit $fail; } + +Exit $fail -- 1.8.3.1 From debbugs-submit-bounces@debbugs.gnu.org Fri Nov 22 20:30:52 2013 Received: (at 15926) by debbugs.gnu.org; 23 Nov 2013 01:30:53 +0000 Received: from localhost ([127.0.0.1]:39117 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Vk23f-0005gc-F5 for submit@debbugs.gnu.org; Fri, 22 Nov 2013 20:30:52 -0500 Received: from mx1.redhat.com ([209.132.183.28]:37462) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Vk23P-0005fn-3R for 15926@debbugs.gnu.org; Fri, 22 Nov 2013 20:30:37 -0500 Received: from int-mx09.intmail.prod.int.phx2.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id rAN1URHX025407 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 22 Nov 2013 20:30:27 -0500 Received: from [10.36.116.34] (ovpn-116-34.ams2.redhat.com [10.36.116.34]) by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id rAN1UNLX032057 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Fri, 22 Nov 2013 20:30:25 -0500 Message-ID: <5290052F.30301@draigBrady.com> Date: Sat, 23 Nov 2013 01:30:23 +0000 
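Review bot: k.c interposes only unlinkat(), and the pre-check that proves LD_PRELOAD works removes just an empty `dir`, so the --no-preserve-root case is protected only as long as every removal rm attempts goes through unlinkat(). Defining unlink() and rmdir() in k.c with the same body, and putting a file inside `dir` for the pre-check, would close that gap. In the same file, `fclose (fopen ("x", "w"))` passes a null pointer to fclose() when the evidence file cannot be created; check the result before closing. The `-ldl` on the gcc line looks unnecessary, since k.c never calls into libdl.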
From: Pádraig Brady
To: Bernhard Voelker
Cc: 15926 <15926@debbugs.gnu.org>, Eric Blake, Jim Meyering, Bob Proulx
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
In-Reply-To: <528FFEA0.8050708@bernhard-voelker.de>

On 11/23/2013 01:02 AM, Bernhard Voelker wrote:
> On 11/22/2013 06:39 PM, Bob Proulx wrote:
>> Eric Blake wrote:
>>> Bernhard Voelker wrote:
>>>> Eric Blake wrote:
>>>>> Just noticing this context...
>>>>>> # This test is too dangerous -- if there's a bug you're wiped out!
>>>>>> # rm -fr / 2>/dev/null && fail=1
>>>>>
>>>>> What if we use chroot to create a safer /, where failing the test would
>>>>> only wipe out the chroot?
>>>>
>>>> That's not that easy.
>>
>> I think that it would be too complicated to be desired in the test suite.
>>
>>>> Alternatively, that test could be secured by "skip_if_root_"
>>>> plus intercepting the unlinkat() call via LD_PRELOAD.
>>>
>>> Indeed, LD_PRELOAD is great for this - since the test passes when no
>>> unlink/rmdir occurs, you just make the intercepts fail loudly if they
>>> are invoked.
>>
>> Please make sure that if the LD_PRELOAD functionality fails that this
>> test is not run. Since it would be a live fire exercise and if
>> LD_PRELOAD doesn't function then the test would wipe the system out.
>> I don't think it is worth the risk for this piece of functionality.
>
> Sure, I tried to make it as defensive as possible.
> WDYT?
>
> Have a nice day,
> Berny
> >>>From a87e3d0a8417648e65ee077ca6f70d5d19fa757a Mon Sep 17 00:00:00 2001 > From: Bernhard Voelker > Date: Sat, 23 Nov 2013 01:55:36 +0100 > Subject: [PATCH] tests: add a test for rm -rf "/" > > * tests/rm/rm-root.sh: Add a non-root test. > * tests/local.mk (all_tests): Mention the test. > --- > tests/local.mk | 1 + > tests/rm/rm-root.sh | 159 ++++++++++++++++++++++++++++++++++++++++++++++++++++ > 2 files changed, 160 insertions(+) > create mode 100755 tests/rm/rm-root.sh > > diff --git a/tests/local.mk b/tests/local.mk > index 3c92425..1837690 100644 > --- a/tests/local.mk > +++ b/tests/local.mk > @@ -208,6 +208,7 @@ all_tests = \ > tests/rm/rm3.sh \ > tests/rm/rm4.sh \ > tests/rm/rm5.sh \ > + tests/rm/rm-root.sh \ > tests/rm/sunos-1.sh \ > tests/rm/unread2.sh \ > tests/rm/unread3.sh \ > diff --git a/tests/rm/rm-root.sh b/tests/rm/rm-root.sh > new file mode 100755 > index 0000000..3882289 > --- /dev/null > +++ b/tests/rm/rm-root.sh
> @@ -0,0 +1,159 @@ > +#!/bin/sh > +# Try to remove '/' recursively. > + > +# Copyright (C) 2013 Free Software Foundation, Inc. > + > +# This program is free software: you can redistribute it and/or modify > +# it under the terms of the GNU General Public License as published by > +# the Free Software Foundation, either version 3 of the License, or > +# (at your option) any later version. > + > +# This program is distributed in the hope that it will be useful, > +# but WITHOUT ANY WARRANTY; without even the implied warranty of > +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > +# GNU General Public License for more details. > + > +# You should have received a copy of the GNU General Public License > +# along with this program. If not, see . > + > +. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src > +print_ver_ rm > + > +# POSIX mandates rm(1) to skip '/' arguments. This test verifies this mandated > +# behavior as well as the --preserve-root and --no-preserve-root options. > +# Especially the latter case is a live fire exercise as rm(1) is supposed to > +# enter the unlinkat() system call. Therefore, limit the risk as much > +# as possible -- if there's a bug this test would wipe the system out! > + > +# Faint-hearted: skip this test for the 'root' user. > +skip_if_root_ good :) > + > +# Pull rm(1) the teeth by intercepting the unlinkat() system call via the s/the// ? > +# LD_PRELOAD environment variable. This requires shared libraries to work. > +require_gcc_shared_ > + > +cat > k.c <<'EOF' || framework_failure_ > +#include > +#include > +#include > + > +int unlinkat(int dirfd, const char *pathname, int flags) s/(/ (/ > +{ > + /* Prove that LD_PRELOAD works. */ > + fclose (fopen ("x", "w")); > + > + /* Immediately terminate. 
*/ > + _exit(0); s/(/ (/ > +} > +EOF > + > +# Then compile/link it: > +gcc -Wall --std=gnu99 -shared -fPIC -ldl -O2 k.c -o k.so \ > + || framework_failure_ 'failed to build shared library' > + > +# Verify that "rm -rf dir" basically works. > +mkdir dir || framework_failure_ > +rm -rf dir || framework_failure_ > +test -d dir && framework_failure_ > > +# Now verify that intercepting unlinkat() works: > +# rm(1) must succeed as before, but this time both the evidence file "x" > +# and the test directory "dir" must exist afterwards. > +mkdir dir || framework_failure_ > +LD_PRELOAD=./k.so \ > +rm -rf dir || framework_failure_ > +test -d dir || skip_ "internal test failure: maybe LD_PRELOAD doesn't work?" > +test -f x || skip_ "internal test failure: maybe LD_PRELOAD doesn't work?" > + > +# Remove the evidence file "x"; verify that. > +rm x || framework_failure_ > +test -f x && framework_failure_ > + > +#------------------------------------------------------------------------------- > +# exercise_rm_rf_root: shell function to test "rm -rf '/'" > +# Paranoia mode on: > +# For the worst case where both rm(1) would fail to refuse to process the "/" > +# argument (in the cases without the --no-preserve-root option), and > +# intercepting the unlinkat(1) system call would fail (which actually already > +# has been proven to work above), limit the damage to the current file system > +# via the --one-file-system option. > +# Furthermore, run rm(1) in the background and kill that process after > +# a maximum of 1 second or when the evidence file appears. This also > +# shortens the testing time. > +exercise_rm_rf_root () > +{ > + local pid > + LD_PRELOAD=./k.so \ > + rm -rfv --one-file-system $1 '/' > out 2> err & pid=$! > + > + # Wait for the evidence file to appear, or until the process has terminated. 
> + for i in $(seq 10); do > + test -f x && break > + kill -0 $pid || break > + sleep .1 > + done better to use retry_delay_ here I think and just wait for x file > + # At this point, rm(1) usually has already terminated. Kill it anyway. > + kill -9 $pid probably best use a timeout 10 ... on the original rm call Oh you're trying to minimize run time. I wouldn't bother TBH, you can't really be half dead. > + > + # Get the exit status. > + wait $pid > + > + return $? > +} > + > +# "rm -rf /" without --no-preserve-root should output the following > +# diagnostic error message. > +cat < exp || framework_failure_ > +rm: it is dangerous to operate recursively on '/' > +rm: use --no-preserve-root to override this failsafe > +EOD > + > +#------------------------------------------------------------------------------- > +# Exercise "rm -rf /" without the --preserve-root and --no-preserve-root option. > +# Expect a non-Zero exist status. > +exercise_rm_rf_root \ > + && fail=1 > + > +# Expect nothing in 'out' and the above error diagnostic in 'err'. > +# As rm(1) should have skipped the "/" argument, it does not call unlinkat(). > +# Therefore, the evidence file "x" should not exist. > +compare /dev/null out || fail=1 > +compare exp err || fail=1 > +test -f x && fail=1 > + > +# Do nothing more if this test failed. > +test $fail = 1 && { cat out; cat err; Exit $fail; } > + > +#------------------------------------------------------------------------------- > +# Exercise "rm -rf --preserve-root /" which should behave the same as above. > +exercise_rm_rf_root --preserve-root \ > + && fail=1 > + > +compare /dev/null out || fail=1 > +compare exp err || fail=1 > +test -f x && fail=1 > + > +# Do nothing more if this test failed. > +test $fail = 1 && { cat out; cat err; Exit $fail; } > + > +#------------------------------------------------------------------------------- > +# Until now, it was all just fun. 
> +# Now exercise the --no-preserve-root option with which rm(1) should enter > +# the intercepted unlinkat() system call. > +# As the interception code terminates the process immediately via _exit(0), > +# the exist status should be 0. s/exist/exit/ > +exercise_rm_rf_root --no-preserve-root \ > + || fail=1 > + > +# The 'err' file should not contain the above error diagostic. > +grep "^rm: it is dangerous to operate recursively on '/'" err \ > + && fail=1 > + > +# Instead, rm(1) should have called the intercepted unlinkat() function, > +# i.e. the evidence file "x" should exist. > +test -f x || fail=1 > + > +test $fail = 1 && { cat out; cat err; Exit $fail; } > + > +Exit $fail >

So the real case where this could not be handled (and what might
actually catch users out) is when various synonyms of '/' are specified.
i.e. // //. /./ /bin/..
It would be good to have tests for those.

cheers,
Pádraig.

From debbugs-submit-bounces@debbugs.gnu.org Fri Nov 22 21:29:04 2013
Message-ID: <529012E3.9010301@redhat.com>
Date: Fri, 22 Nov 2013 19:28:51 -0700
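Review bot: in the quoted tests/rm/rm-root.sh hunk, exercise_rm_rf_root sends `kill -9 $pid` unconditionally and then returns the status from `wait $pid`, so when rm is still running after the ten polls the function returns a signal status (128+9), and the two callers that expect a refusal (`exercise_rm_rf_root && fail=1`) accept that as the expected non-zero status; only the later `compare exp err` would notice. Record whether the loop ended because "x" appeared or rm exited, and report a framework failure when it ended by timeout, so that a still-running rm is never counted as the expected outcome. The unquoted `$1` is what lets the no-option call work, but it also word-splits whatever is passed; taking the options as "$@" avoids that. In the comments, unlinkat(1) should read unlinkat(2) and "diagostic" should read "diagnostic".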
From: Eric Blake
Organization: Red Hat, Inc.
To: Bernhard Voelker, Bob Proulx
Cc: 15926 <15926@debbugs.gnu.org>, Pádraig Brady, Jim Meyering
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
In-Reply-To: <528FFEA0.8050708@bernhard-voelker.de>

On 11/22/2013 06:02 PM, Bernhard Voelker wrote:
> On 11/22/2013 06:39 PM, Bob Proulx wrote:
> +#---------------------------------------------------------------------= ---------- > +# Exercise "rm -rf /" without the --preserve-root and --no-preserve-ro= ot option. > +# Expect a non-Zero exist status. > +exercise_rm_rf_root \ > + && fail=3D1

Maybe you should favor 'rm -r /' rather than 'rm -rf /'.
That way, even if all the failsafes are bypassed, you at least have better
logging of what started to go wrong rather than silence.

Also, probably worth testing:

rm -r / a

to make sure that 'a' DOES get deleted, even though we skipped over the
/ argument, and that we still get the final exit status representing
failure to remove /.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org

From debbugs-submit-bounces@debbugs.gnu.org Fri Nov 22 21:32:46 2013
Message-ID: <529013C4.2060906@redhat.com>
Date: Fri, 22 Nov 2013 19:32:36 -0700
From: Eric Blake
Organization: Red Hat, Inc.
To: Pádraig Brady, Bernhard Voelker
Cc: 15926 <15926@debbugs.gnu.org>, Jim Meyering, Bob Proulx
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
In-Reply-To: <5290052F.30301@draigBrady.com>

On 11/22/2013 06:30 PM, Pádraig Brady wrote:
>> + >> +# Pull rm(1) the teeth by intercepting the unlinkat() system call via= the
>
> s/the// ?

Pull the teeth from rm(1) by...

>
> So the real case where this could not be handled (and what might
> actually catch users out) is when various synonyms of '/' are specified.
> i.e. // //. /./ /bin/..
> It would be good to have tests for those.

Careful on the // case, for systems like cygwin where // is a distinct
root from / (it has a separate inode, but should likewise be forbidden
to recursively delete from // - hmm, I don't know that I've ever been
brave enough to actually test whether --preserve-root preserves // on
cygwin).

Also, if a user does 'ln -s / root' and does 'rm -r root/.'
(technically, this should also be done for 'rm -r root/', but Linux
doesn't obey POSIX with regards to 'rm symlink-to-dir/').

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org

From debbugs-submit-bounces@debbugs.gnu.org Sat Nov 23 05:56:09 2013
Message-ID: <529089BB.2030700@draigBrady.com>
Date: Sat, 23 Nov 2013 10:55:55 +0000
From: Pádraig Brady
To: Eric Blake
Cc: 15926 <15926@debbugs.gnu.org>, Bernhard Voelker, Jim Meyering, Bob Proulx
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
In-Reply-To: <529013C4.2060906@redhat.com>

On 11/23/2013 02:32 AM, Eric Blake wrote:
> On 11/22/2013 06:30 PM, Pádraig Brady wrote:
>>> + >>> +# Pull rm(1) the teeth by intercepting the unlinkat() system call via the
>>
>> s/the// ?
>
> Pull the teeth from rm(1) by...
>
>>
>> So the real case where this could not be handled (and what might
>> actually catch users out) is when various synonyms of '/' are specified.
>> i.e. // //. /./ /bin/..
>> It would be good to have tests for those.
>
> Careful on the // case, for systems like cygwin where // is a distinct
> root from / (it has a separate inode, but should likewise be forbidden
> to recursively delete from // - hmm, I don't know that I've ever been
> brave enough to actually test whether --preserve-root preserves // on
> cygwin).

I would expect // to be treated the same on all systems in this regard

> Also, if a user does 'ln -s / root' and does 'rm -r root/.'
> (technically, this should also be done for 'rm -r root/', but Linux
> doesn't obey POSIX with regards to 'rm symlink-to-dir/').

If rm is going to do this at all it might as well
handle all corner cases (that are much more likely to
catch users out). I.E. it should be working on the
canonicalized name.

cheers,
Pádraig.

From debbugs-submit-bounces@debbugs.gnu.org Sat Nov 23 06:49:54 2013
Message-ID: <52909652.5070103@draigBrady.com>
Date: Sat, 23 Nov 2013 11:49:38 +0000
From: Pádraig Brady
To: Eric Blake
Cc: 15926 <15926@debbugs.gnu.org>, Bernhard Voelker, Jim Meyering, Bob Proulx
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
In-Reply-To: <529089BB.2030700@draigBrady.com>

On 11/23/2013 10:55 AM, Pádraig Brady wrote:
> On 11/23/2013 02:32 AM, Eric Blake wrote:
>> On 11/22/2013 06:30 PM, Pádraig Brady wrote:
>>>> + >>>> +# Pull rm(1) the teeth by intercepting the unlinkat() system call via the
>>>
>>> s/the// ?
>>
>> Pull the teeth from rm(1) by...
>>
>>>
>>> So the real case where this could not be handled (and what might
>>> actually catch users out) is when various synonyms of '/' are specified.
>>> i.e. // //. /./ /bin/..
>>> It would be good to have tests for those.

as explained below, the names containing . or ..
would not contain this particular diagnostic, though we'd probably
want to test anyway and ensure ignored to protect against
future reordering of the checks in code.
Also a symlink test as described below would be good to add.

>> Careful on the // case, for systems like cygwin where // is a distinct
>> root from / (it has a separate inode, but should likewise be forbidden
>> to recursively delete from // - hmm, I don't know that I've ever been
>> brave enough to actually test whether --preserve-root preserves // on
>> cygwin).
>
> I would expect // to be treated the same on all systems in this regard
>
>> Also, if a user does 'ln -s / root' and does 'rm -r root/.'
>> (technically, this should also be done for 'rm -r root/', but Linux
>> doesn't obey POSIX with regards to 'rm symlink-to-dir/').
>
> If rm is going to do this at all it might as well
> handle all corner cases (that are much more likely to
> catch users out). I.E. it should be working on the
> canonicalized name.

To be clear, I think rm is working as expected already,
since it checks the dev,inode identity of the command argument
against that of '/'. So symlinks are handled as expected:

$ rm -ri ~/root/
src/rm: it is dangerous to operate recursively on ‘/home/padraig/root/’ (same as ‘/’)
src/rm: use --no-preserve-root to override this failsafe

Note the trailing '.' for the 'root/.' case will trigger that check first.

cheers,
Pádraig.
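The check described in the message above (compare the argument's device and inode numbers with those of '/', after the '.'/'..' test) can be tried without running rm. This C program is an added example, not coreutils source and not code from this thread; the function names and the /tmp scratch symlink are assumptions, and it only classifies arguments, removing nothing but its own scratch link.

```c
/* Added illustration, not coreutils code: classify an rm-style argument. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for lstat(), symlink(), mkdtemp() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum arg_class { ARG_OK, ARG_DOT_OR_DOTDOT, ARG_SAME_AS_ROOT, ARG_STAT_ERROR };

/* Naive guard: recognises only the literal spelling "/". */
static int naive_is_root(const char *arg)
{
    return strcmp(arg, "/") == 0;
}

/* 1 if the last component, ignoring trailing slashes, is "." or "..". */
static int last_component_is_dot(const char *arg)
{
    size_t end = strlen(arg), start;

    while (end > 0 && arg[end - 1] == '/')
        end--;
    for (start = end; start > 0 && arg[start - 1] != '/'; start--)
        ;
    return (end - start == 1 && arg[start] == '.')
        || (end - start == 2 && arg[start] == '.' && arg[start + 1] == '.');
}

/* Identity-based guard.  The "." / ".." test runs first, as the thread says
   rm does for 'root/.'; then (st_dev, st_ino) is compared with that of "/".
   lstat() is used so a bare symlink name refers to the link itself, while
   "link/" resolves to its target directory. */
static enum arg_class classify(const char *arg)
{
    struct stat root, st;

    if (last_component_is_dot(arg))
        return ARG_DOT_OR_DOTDOT;
    if (lstat("/", &root) != 0 || lstat(arg, &st) != 0)
        return ARG_STAT_ERROR;
    if (st.st_dev == root.st_dev && st.st_ino == root.st_ino)
        return ARG_SAME_AS_ROOT;
    return ARG_OK;
}

/* Constructed fixture: a scratch directory holding a symlink "root" -> "/".
   Writes the link path to LINK; returns 0 on success. */
static int make_root_symlink(char *link, size_t n)
{
    char dir[] = "/tmp/rootchk.XXXXXX";

    if (mkdtemp(dir) == NULL || (size_t)snprintf(link, n, "%s/root", dir) >= n)
        return -1;
    return symlink("/", link);
}

/* Remove the fixture: the symlink, then its (now empty) parent directory. */
static void remove_root_symlink(char *link)
{
    unlink(link);
    *strrchr(link, '/') = '\0';
    rmdir(link);
}

int main(void)
{
    static const char *label[] = { "ok", "refused: '.' or '..'",
                                   "refused: same as '/'", "stat error" };
    const char *fixed[] = { "/", "//", "///", "/./", "//.", "/bin/.." };
    char link[64], slash[80];
    size_t i;

    for (i = 0; i < sizeof fixed / sizeof fixed[0]; i++)
        printf("%-26s naive=%d identity: %s\n", fixed[i],
               naive_is_root(fixed[i]), label[classify(fixed[i])]);

    if (make_root_symlink(link, sizeof link) == 0) {
        snprintf(slash, sizeof slash, "%s/", link);
        printf("%-26s naive=%d identity: %s\n", link,
               naive_is_root(link), label[classify(link)]);
        printf("%-26s naive=%d identity: %s\n", slash,
               naive_is_root(slash), label[classify(slash)]);
        remove_root_symlink(link);
    }
    return 0;
}
```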
From debbugs-submit-bounces@debbugs.gnu.org Sun Nov 24 19:16:18 2013
Message-ID: <529296BA.4050606@bernhard-voelker.de>
Date: Mon, 25 Nov 2013 01:15:54 +0100
From: Bernhard Voelker
To: Pádraig Brady
Cc: 15926 <15926@debbugs.gnu.org>, Eric Blake, Jim Meyering, Bob Proulx
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
In-Reply-To: <5290052F.30301@draigBrady.com>

On 11/23/2013 02:30 AM, Pádraig Brady wrote:
> On 11/23/2013 01:02 AM, Bernhard Voelker wrote:
>> >From a87e3d0a8417648e65ee077ca6f70d5d19fa757a Mon Sep 17 00:00:00 2001
>> From: Bernhard Voelker >> Date: Sat, 23 Nov 2013 01:55:36 +0100 >> Subject: [PATCH] tests: add a test for rm -rf "/"

Hi Padraig & Eric,

sorry for the late reply - my system had a few problems
after running this test.
no, just kidding ;-)

First of all, thank you for the nice hints.
>> diff --git a/tests/rm/rm-root.sh b/tests/rm/rm-root.sh >> new file mode 100755 >> index 0000000..3882289 >> [...] >> +exercise_rm_rf_root () >> +{ >> + local pid >> + LD_PRELOAD=./k.so \ >> + rm -rfv --one-file-system $1 '/' > out 2> err & pid=$! >> + >> + # Wait for the evidence file to appear, or until the process has terminated. >> + for i in $(seq 10); do >> + test -f x && break >> + kill -0 $pid || break >> + sleep .1 >> + done
>
> better to use retry_delay_ here I think and just wait for x file
>
>> + # At this point, rm(1) usually has already terminated. Kill it anyway. >> + kill -9 $pid
>
> probably best use a timeout 10 ... on the original rm call
> Oh you're trying to minimize run time. I wouldn't bother TBH,
> you can't really be half dead.

I wanted to be as conservative as possible in this test.
Therefore I think in the worst case we shouldn't give 'rm' more
than 1 second to destroy possibly valuable user data.

Regarding half dead: I tried it: on a system where /home is
on a separate partition, "rm -rf --one-file-system --no-preserve-root /"
did not remove more than /var/spool/mail/$USER and the files
in /tmp owned by that USER. That's not too bad. ;-)

> So the real case where this could not be handled (and what might
> actually catch users out) is when various synonyms of '/' are specified.
> i.e. // //. /./ /bin/..
> It would be good to have tests for those.

I've added tests like this - which partially run into the
"refusing to remove '.' or '..'" case, as you pointed out in
the other mails.

Regarding Cygwin: 'rm' - the version which is currently shipped there -
behaves the same on this platform: it skips /, //, ///, //// etc.
LD_PRELOAD seems to be defined on Cygwin, too, but as 'rm' invokes
a different system call there, this test will be skipped.

On 11/23/2013 03:28 AM, Eric Blake wrote:
> Maybe you should favor 'rm -r /' rather than 'rm -rf /'.

Fixed.
> Also, probably worth testing:
>
> rm -r / a
>
> to make sure that 'a' DOES get deleted, even though we skipped over the
> / argument, and that we still get the final exit status representing
> failure to remove /.

Added a test.

Attached is the new patch.

One question (which is also as a FIXME in the patch):
for /, rm outputs the diagnostic

rm: it is dangerous to operate recursively on '/'

while for // it outputs

rm: it is dangerous to operate recursively on '//' (same as '/')

However, for ///, //// etc it output again the former message.
Why?

Thanks & have a nice day,
Berny

Content-Disposition: attachment; filename="0001-tests-add-a-test-for-rm-rf-v2.patch"

>From 9f262b7e16b702262230514b3eda7fd98c8117be Mon Sep 17 00:00:00 2001 From: Bernhard Voelker Date: Mon, 25 Nov 2013 00:24:24 +0100 Subject: [PATCH] tests: add a test for rm -rf "/" * tests/rm/rm-root.sh: Add a non-root test. * tests/local.mk (all_tests): Mention the test. --- tests/local.mk | 1 + tests/rm/rm-root.sh | 248 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 249 insertions(+) create mode 100755 tests/rm/rm-root.sh diff --git a/tests/local.mk b/tests/local.mk index 3c92425..1837690 100644 --- a/tests/local.mk +++ b/tests/local.mk @@ -208,6 +208,7 @@ all_tests = \ tests/rm/rm3.sh \ tests/rm/rm4.sh \ tests/rm/rm5.sh \ + tests/rm/rm-root.sh \ tests/rm/sunos-1.sh \ tests/rm/unread2.sh \ tests/rm/unread3.sh \ diff --git a/tests/rm/rm-root.sh b/tests/rm/rm-root.sh new file mode 100755 index 0000000..cfce279 --- /dev/null +++ b/tests/rm/rm-root.sh
@@ -0,0 +1,248 @@ +#!/bin/sh +# Try to remove '/' recursively. + +# Copyright (C) 2013 Free Software Foundation, Inc. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src +print_ver_ rm + +# POSIX mandates rm(1) to skip '/' arguments. This test verifies this mandated +# behavior as well as the --preserve-root and --no-preserve-root options. +# Especially the latter case is a live fire exercise as rm(1) is supposed to +# enter the unlinkat() system call. Therefore, limit the risk as much +# as possible -- if there's a bug this test would wipe the system out! + +# Faint-hearted: skip this test for the 'root' user. +skip_if_root_ + +# Pull the teeth from rm(1) by intercepting the unlinkat() system call via the +# LD_PRELOAD environment variable. This requires shared libraries to work. +require_gcc_shared_ + +cat > k.c <<'EOF' || framework_failure_ +#include +#include +#include + +int unlinkat (int dirfd, const char *pathname, int flags) +{ + /* Prove that LD_PRELOAD works: create the evidence file "x". */ + fclose (fopen ("x", "w")); + + /* Immediately terminate, unless indicated otherwise. */ + if (! getenv("CU_TEST_SKIP_EXIT")) + _exit (0); + + /* Pretend success. 
*/ + return 0; +} +EOF + +# Then compile/link it: +gcc -Wall --std=gnu99 -shared -fPIC -ldl -O2 k.c -o k.so \ + || framework_failure_ 'failed to build shared library' + +# Verify that "rm -r dir" basically works. +mkdir dir || framework_failure_ +rm -r dir || framework_failure_ +test -d dir && framework_failure_ + +# Now verify that intercepting unlinkat() works: +# rm(1) must succeed as before, but this time both the evidence file "x" +# and the test directory "dir" must exist afterwards. +mkdir dir || framework_failure_ +LD_PRELOAD=./k.so \ +rm -r dir || framework_failure_ +test -d dir || skip_ "internal test failure: maybe LD_PRELOAD doesn't work?" +test -f x || skip_ "internal test failure: maybe LD_PRELOAD doesn't work?" + +#------------------------------------------------------------------------------- +# exercise_rm_rf_root: shell function to test "rm -r '/'" +# The caller must provide the FILE to remove as well as any options +# which should be passed to 'rm'. +# Paranoia mode on: +# For the worst case where both rm(1) would fail to refuse to process the "/" +# argument (in the cases without the --no-preserve-root option), and +# intercepting the unlinkat(1) system call would fail (which actually already +# has been proven to work above), limit the damage to the current file system +# via the --one-file-system option. +# Furthermore, run rm(1) in the background and kill that process after +# a maximum of 1 second or when the evidence file appears. This also +# shortens the testing time. +exercise_rm_rf_root () +{ + # Remove the evidence file "x"; verify that. + rm -f x || framework_failure_ + test -f x && framework_failure_ + + local pid + if [ "$CU_TEST_SKIP_EXIT" = 1 ]; then + # Pass on this variable into 'rm's environment. + LD_PRELOAD=./k.so CU_TEST_SKIP_EXIT=1 rm \ + -rv --one-file-system "$@" > out 2> err & pid=$! + else + LD_PRELOAD=./k.so rm -rv --one-file-system "$@" > out 2> err & pid=$! 
+ fi + + # Wait for the evidence file to appear, or until the process has terminated. + for i in $(seq 10); do + test -f x && break + kill -0 $pid || break + sleep .1 + done + + # At this point, rm(1) usually has already terminated. Kill it anyway. + kill -9 $pid + + # Get the exit status. + wait $pid + + return $? +} + +# "rm -r /" without --no-preserve-root should output the following +# diagnostic error message. +cat < exp || framework_failure_ +rm: it is dangerous to operate recursively on '/' +rm: use --no-preserve-root to override this failsafe +EOD + +#------------------------------------------------------------------------------- +# Exercise "rm -r /" without and with the --preserve-root option. +# Expect a non-Zero exit status. +for opt in '' '--preserve-root'; do + exercise_rm_rf_root $opt '/' \ + && fail=1 + + # Expect nothing in 'out' and the above error diagnostic in 'err'. + # As rm(1) should have skipped the "/" argument, it does not call unlinkat(). + # Therefore, the evidence file "x" should not exist. + compare /dev/null out || fail=1 + compare exp err || fail=1 + test -f x && fail=1 + + # Do nothing more if this test failed. + test $fail = 1 && { cat out; cat err; Exit $fail; } +done + +#------------------------------------------------------------------------------- +# Exercise "rm -r file1 / file2". +# Expect a non-Zero exit status representing failure to remove "/", +# yet 'file1' and 'file2' should be removed. +: > file1 || framework_failure_ +: > file2 || framework_failure_ + +# Now that we know that 'rm' won't call the unlinkat() system function for "/", +# we could probably execute it without the LD_PRELOAD'ed safety net. +# Nevertheless, it's still better to use it for this test. +# Tell the unlinkat() replacement function to not _exit(0) immediately +# by setting the following variable. 
+CU_TEST_SKIP_EXIT=1 + +exercise_rm_rf_root --preserve-root file1 '/' file2 \ + && fail=1 + +unset CU_TEST_SKIP_EXIT + +cat < out_removed +removed 'file1' +removed 'file2' +EOD + +# The above error diagnostic should appear in 'err'. +# Both 'file1' and 'file2' should be removed. Simply verify that in the +# "out" file, as the replacement unlinkat() dummy did not remove them. +# Expect the evidence file "x" to exist. +compare out_removed out || fail=1 +compare exp err || fail=1 +test -f x || fail=1 + +# Do nothing more if this test failed. +test $fail = 1 && { cat out; cat err; Exit $fail; } + +#------------------------------------------------------------------------------- +# Exercise various synonyms of "/" including symlinks to it. +# The error diagnostic slightly differs from that of the basic "/" case above. +cat < exp_same || framework_failure_ +rm: it is dangerous to operate recursively on 'FILE' (same as '/') +rm: use --no-preserve-root to override this failsafe +EOD + +# Some combinations have a trailing "." or "..". This triggers another check +# in the code first and therefore leads to a different diagnostic. However, +# we want to test anyway to protect against future reordering of the checks +# in the code. +cat < exp_dot || framework_failure_ +rm: refusing to remove '.' or '..' directory: skipping 'FILE' +EOD + +# Prepare a few symlinks to "/". +ln -s / rootlink || framework_failure_ +ln -s rootlink rootlink2 || framework_failure_ +ln -s /bin/.. rootlink3 || framework_failure_ + +# FIXME: for '///', '////', and more, "rm -r" outputs the error diagnostic +# as if the bare "/" was given. For '//' not. Why?!? + +for file in \ + 'rootlink/' \ + 'rootlink2/' \ + 'rootlink3/' \ + '//' \ + '//.' \ + '/./' \ + '/../' \ + '/.././' \ + '/bin/..' 
; do + + exercise_rm_rf_root --preserve-root "$file" \ + && fail=1 + + sed "s,FILE,$file," exp_same > exp2 || framework_failure_ + sed "s,FILE,$file," exp_dot > exp_dot2 || framework_failure_ + + # Check against the "refusing to remove '.' or '..'" diagnostic. + compare exp_dot2 err \ + && continue + + compare /dev/null out || fail=1 + compare exp2 err || fail=1 + test -f x && fail=1 + + # Do nothing more if this test failed. + test $fail = 1 && { cat out; cat err; Exit $fail; } +done + +#------------------------------------------------------------------------------- +# Until now, it was all just fun. +# Now exercise the --no-preserve-root option with which rm(1) should enter +# the intercepted unlinkat() system call. +# As the interception code terminates the process immediately via _exit(0), +# the exit status should be 0. +exercise_rm_rf_root --no-preserve-root '/' \ + || fail=1 + +# The 'err' file should not contain the above error diagostic. +grep "^rm: it is dangerous to operate recursively on '/'" err \ + && fail=1 + +# Instead, rm(1) should have called the intercepted unlinkat() function, +# i.e. the evidence file "x" should exist. 
+test -f x || fail=1 + +test $fail = 1 && { cat out; cat err; Exit $fail; } + +Exit $fail -- 1.8.3.1 --------------030605040209010601030206-- From debbugs-submit-bounces@debbugs.gnu.org Sun Nov 24 20:10:40 2013 Message-ID: <5292A383.1040006@draigBrady.com> Date: Mon, 25 Nov 2013 01:10:27 +0000
From: =?ISO-8859-1?Q?P=E1draig_Brady?= To: Bernhard Voelker Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call In-Reply-To: <529296BA.4050606@bernhard-voelker.de> Cc: 15926 <15926@debbugs.gnu.org>, Eric Blake , Jim Meyering , Bob Proulx On 11/25/2013 12:15 AM, Bernhard Voelker wrote: > On 11/23/2013 02:30 AM, Pádraig Brady wrote: >> On 11/23/2013 01:02 AM, Bernhard Voelker wrote: >>> >From a87e3d0a8417648e65ee077ca6f70d5d19fa757a Mon Sep 17 00:00:00 2001 >>> From: Bernhard Voelker >>> Date: Sat, 23 Nov 2013 01:55:36 +0100 >>> Subject: [PATCH] tests: add a test for rm -rf "/" > > Hi Padraig & Eric, > > sorry for the late reply - my system had a few problems after > running this test. no, just kidding ;-) > > First of all, thank you for the nice hints.
> >>> diff --git a/tests/rm/rm-root.sh b/tests/rm/rm-root.sh >>> new file mode 100755 >>> index 0000000..3882289 > >>> [...] > >>> +exercise_rm_rf_root () >>> +{ >>> + local pid >>> + LD_PRELOAD=./k.so \ >>> + rm -rfv --one-file-system $1 '/' > out 2> err & pid=$! >>> + >>> + # Wait for the evidence file to appear, or until the process has terminated. >>> + for i in $(seq 10); do >>> + test -f x && break >>> + kill -0 $pid || break >>> + sleep .1 >>> + done >> >> better to use retry_delay_ here I think and just wait for x file >> >>> + # At this point, rm(1) usually has already terminated. Kill it anyway. >>> + kill -9 $pid >> >> probably best use a timeout 10 ... on the original rm call >> Oh you're trying to minimize run time. I wouldn't bother TBH, >> you can't really be half dead. > > I wanted to be as conservative as possible in this test. > Therefore I think in the worst case we shouldn't give 'rm' more > than 1 second to destroy possibly valuable user data. > > Regarding half dead: I tried it: on a system where /home is on a separate > partition, "rm -rf --one-file-system --no-preserve-root /" did not remove > more than /var/spool/mail/$USER and the files in /tmp owned by that USER. > That's not too bad. ;-) > >> So the real case where this could not be handled (and what might >> actually catch users out) is when various synonyms of '/' are specified. >> i.e. // //. /./ /bin/.. >> It would be good to have tests for those. > > I've added tests like this - which partially run into the "refusing to > remove '.' or '..'" case, as you pointed out in the other mails. > > Regarding Cygwin: > 'rm' - the version which is currently shipped there - behaves the same > on this platform: it skips /, //, ///, //// etc. > LD_PRELOAD seems to be defined on Cygwin, too, but as 'rm' invokes > a different system call there, this test will be skipped. > > On 11/23/2013 03:28 AM, Eric Blake wrote: >> Maybe you should favor 'rm -r /' rather than 'rm -rf /'. > > Fixed. 
> >> Also, probably worth testing: >> >> rm -r / a >> >> to make sure that 'a' DOES get deleted, even though we skipped over the >> / argument, and that we still get the final exit status representing >> failure to remove /. > > Added a test. > > Attached is the new patch. > > One question (which is also as a FIXME in the patch): > for /, rm outputs the diagnostic > rm: it is dangerous to operate recursively on '/' > while for // it outputs > rm: it is dangerous to operate recursively on '//' (same as '/') > However, for ///, //// etc it output again the former message. > Why? Interesting. So the warning is from ROOT_DEV_INO_WARN (ent->fts_path) and that uses STREQ("/",...) on the fts_path. Perhaps fts is being conservative and treating '//' as a distinct root, thus not canonicalizing it to '/'? Now gnulib has a specific check for this: http://git.sv.gnu.org/gitweb/?p=gnulib.git;a=blob;f=m4/double-slash-root.m4;hb=HEAD which gnulib and coreutils honors at least. For this edge case I suppose you could call canonicalize within ROOT_DEV_INO_WARN() though I'm not sure it's worth it. > diff --git a/tests/rm/rm-root.sh b/tests/rm/rm-root.sh > new file mode 100755 > index 0000000..cfce279 > --- /dev/null > +++ b/tests/rm/rm-root.sh 
> @@ -0,0 +1,248 @@ > +#!/bin/sh > +# Try to remove '/' recursively. > + > +# Copyright (C) 2013 Free Software Foundation, Inc. > + > +# This program is free software: you can redistribute it and/or modify > +# it under the terms of the GNU General Public License as published by > +# the Free Software Foundation, either version 3 of the License, or > +# (at your option) any later version. > + > +# This program is distributed in the hope that it will be useful, > +# but WITHOUT ANY WARRANTY; without even the implied warranty of > +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > +# GNU General Public License for more details. > + > +# You should have received a copy of the GNU General Public License > +# along with this program. If not, see . > + > +. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src > +print_ver_ rm > + > +# POSIX mandates rm(1) to skip '/' arguments. This test verifies this mandated > +# behavior as well as the --preserve-root and --no-preserve-root options. > +# Especially the latter case is a live fire exercise as rm(1) is supposed to > +# enter the unlinkat() system call. Therefore, limit the risk as much > +# as possible -- if there's a bug this test would wipe the system out! > + > +# Faint-hearted: skip this test for the 'root' user. > +skip_if_root_ > + > +# Pull the teeth from rm(1) by intercepting the unlinkat() system call via the > +# LD_PRELOAD environment variable. This requires shared libraries to work. > +require_gcc_shared_ > + > +cat > k.c <<'EOF' || framework_failure_ > +#include > +#include > +#include > + > +int unlinkat (int dirfd, const char *pathname, int flags) > +{ > + /* Prove that LD_PRELOAD works: create the evidence file "x". */ > + fclose (fopen ("x", "w")); > + > + /* Immediately terminate, unless indicated otherwise. */ > + if (! getenv("CU_TEST_SKIP_EXIT")) > + _exit (0); > + > + /* Pretend success. 
*/ > + return 0; > +} > +EOF > + > +# Then compile/link it: > +gcc -Wall --std=gnu99 -shared -fPIC -ldl -O2 k.c -o k.so \ > + || framework_failure_ 'failed to build shared library' > + > +# Verify that "rm -r dir" basically works. > +mkdir dir || framework_failure_ > +rm -r dir || framework_failure_ > +test -d dir && framework_failure_ > + > +# Now verify that intercepting unlinkat() works: > +# rm(1) must succeed as before, but this time both the evidence file "x" > +# and the test directory "dir" must exist afterwards. > +mkdir dir || framework_failure_ > +LD_PRELOAD=./k.so \ > +rm -r dir || framework_failure_ > +test -d dir || skip_ "internal test failure: maybe LD_PRELOAD doesn't work?" > +test -f x || skip_ "internal test failure: maybe LD_PRELOAD doesn't work?" > + > +#------------------------------------------------------------------------------- > +# exercise_rm_rf_root: shell function to test "rm -r '/'" > +# The caller must provide the FILE to remove as well as any options > +# which should be passed to 'rm'. > +# Paranoia mode on: > +# For the worst case where both rm(1) would fail to refuse to process the "/" > +# argument (in the cases without the --no-preserve-root option), and > +# intercepting the unlinkat(1) system call would fail (which actually already > +# has been proven to work above), limit the damage to the current file system > +# via the --one-file-system option. , and the current non root user has write access to /, limit... > +# Furthermore, run rm(1) in the background and kill that process after > +# a maximum of 1 second or when the evidence file appears. This also > +# shortens the testing time. > +exercise_rm_rf_root () s/rf/r/ > +{ > + # Remove the evidence file "x"; verify that. > + rm -f x || framework_failure_ > + test -f x && framework_failure_ > + > + local pid > + if [ "$CU_TEST_SKIP_EXIT" = 1 ]; then > + # Pass on this variable into 'rm's environment. 
> + LD_PRELOAD=./k.so CU_TEST_SKIP_EXIT=1 rm \ > + -rv --one-file-system "$@" > out 2> err & pid=$! > + else > + LD_PRELOAD=./k.so rm -rv --one-file-system "$@" > out 2> err & pid=$! > + fi > + > + # Wait for the evidence file to appear, or until the process has terminated. > + for i in $(seq 10); do > + test -f x && break > + kill -0 $pid || break > + sleep .1 > + done > + > + # At this point, rm(1) usually has already terminated. Kill it anyway. > + kill -9 $pid So this might race with rm being preempted between the touch() and the exit(), causing a false failure? It's probably best to not kill if the 'x' file exists, as it's very unlikely that rm will run as normal in that case. > + > + # Get the exit status. > + wait $pid > + > + return $? > +} > + > +# "rm -r /" without --no-preserve-root should output the following > +# diagnostic error message. > +cat < exp || framework_failure_ > +rm: it is dangerous to operate recursively on '/' > +rm: use --no-preserve-root to override this failsafe > +EOD > + > +#------------------------------------------------------------------------------- > +# Exercise "rm -r /" without and with the --preserve-root option. > +# Expect a non-Zero exit status. > +for opt in '' '--preserve-root'; do > + exercise_rm_rf_root $opt '/' \ > + && fail=1 > + > + # Expect nothing in 'out' and the above error diagnostic in 'err'. > + # As rm(1) should have skipped the "/" argument, it does not call unlinkat(). > + # Therefore, the evidence file "x" should not exist. > + compare /dev/null out || fail=1 > + compare exp err || fail=1 > + test -f x && fail=1 > + # Do nothing more if this test failed. > + test $fail = 1 && { cat out; cat err; Exit $fail; } > +done > + > +#------------------------------------------------------------------------------- > +# Exercise "rm -r file1 / file2". > +# Expect a non-Zero exit status representing failure to remove "/", > +# yet 'file1' and 'file2' should be removed. 
> +: > file1 || framework_failure_ > +: > file2 || framework_failure_ > + > +# Now that we know that 'rm' won't call the unlinkat() system function for "/", > +# we could probably execute it without the LD_PRELOAD'ed safety net. > +# Nevertheless, it's still better to use it for this test. > +# Tell the unlinkat() replacement function to not _exit(0) immediately > +# by setting the following variable. > +CU_TEST_SKIP_EXIT=1 > + > +exercise_rm_rf_root --preserve-root file1 '/' file2 \ > + && fail=1 > + > +unset CU_TEST_SKIP_EXIT > + > +cat < out_removed > +removed 'file1' > +removed 'file2' > +EOD > + > +# The above error diagnostic should appear in 'err'. > +# Both 'file1' and 'file2' should be removed. Simply verify that in the > +# "out" file, as the replacement unlinkat() dummy did not remove them. > +# Expect the evidence file "x" to exist. > +compare out_removed out || fail=1 > +compare exp err || fail=1 > +test -f x || fail=1 > + > +# Do nothing more if this test failed. > +test $fail = 1 && { cat out; cat err; Exit $fail; } > + > +#------------------------------------------------------------------------------- > +# Exercise various synonyms of "/" including symlinks to it. > +# The error diagnostic slightly differs from that of the basic "/" case above. > +cat < exp_same || framework_failure_ > +rm: it is dangerous to operate recursively on 'FILE' (same as '/') > +rm: use --no-preserve-root to override this failsafe > +EOD > + > +# Some combinations have a trailing "." or "..". This triggers another check > +# in the code first and therefore leads to a different diagnostic. However, > +# we want to test anyway to protect against future reordering of the checks > +# in the code. > +cat < exp_dot || framework_failure_ > +rm: refusing to remove '.' or '..' directory: skipping 'FILE' > +EOD > + > +# Prepare a few symlinks to "/". > +ln -s / rootlink || framework_failure_ > +ln -s rootlink rootlink2 || framework_failure_ > +ln -s /bin/.. 
rootlink3 || framework_failure_ Are we guaranteed /bin everywhere? Maybe we should do something like this to get a symlink to root? ln -sr / rootlink3 || framework_failure_ > +# FIXME: for '///', '////', and more, "rm -r" outputs the error diagnostic > +# as if the bare "/" was given. For '//' not. Why?!? Possible explanation above > + > +for file in \ > + 'rootlink/' \ > + 'rootlink2/' \ > + 'rootlink3/' \ > + '//' \ > + '//.' \ > + '/./' \ > + '/../' \ > + '/.././' \ > + '/bin/..' ; do > + > + exercise_rm_rf_root --preserve-root "$file" \ > + && fail=1 > + > + sed "s,FILE,$file," exp_same > exp2 || framework_failure_ > + sed "s,FILE,$file," exp_dot > exp_dot2 || framework_failure_ > + > + # Check against the "refusing to remove '.' or '..'" diagnostic. > + compare exp_dot2 err \ > + && continue > + > + compare /dev/null out || fail=1 > + compare exp2 err || fail=1 > + test -f x && fail=1 > + > + # Do nothing more if this test failed. > + test $fail = 1 && { cat out; cat err; Exit $fail; } > +done > + > +#------------------------------------------------------------------------------- > +# Until now, it was all just fun. > +# Now exercise the --no-preserve-root option with which rm(1) should enter > +# the intercepted unlinkat() system call. > +# As the interception code terminates the process immediately via _exit(0), > +# the exit status should be 0. > +exercise_rm_rf_root --no-preserve-root '/' \ > + || fail=1 > + > +# The 'err' file should not contain the above error diagostic. s/diagostic/diagnostic/ > +grep "^rm: it is dangerous to operate recursively on '/'" err \ > + && fail=1 > + > +# Instead, rm(1) should have called the intercepted unlinkat() function, > +# i.e. the evidence file "x" should exist. > +test -f x || fail=1 > + > +test $fail = 1 && { cat out; cat err; Exit $fail; } No need to the Exit $fail here > +Exit $fail thanks! Pádraig. 
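Review bot: In the loop over the synonyms of "/", the early "compare exp_dot2 err && continue" skips the "test -f x && fail=1" check, so an operand that draws the "refusing to remove '.' or '..'" diagnostic is never checked for having reached the intercepted unlinkat(); move the evidence-file check and the "compare /dev/null out" ahead of the continue. Separately, in k.c the line "fclose (fopen ("x", "w"));" passes NULL to fclose() when the open fails, so test the fopen() result first, and the -ldl on the gcc line looks unneeded because the visible k.c only calls fopen, fclose, getenv and _exit.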
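The root check Pádraig describes in this message, separated into its two parts (identity by device and inode number, wording by string comparison), as an added example that is not part of the thread and is not coreutils or gnulib code. It assumes the traversal layer follows the POSIX rule that three or more leading slashes are equivalent to one while exactly two may be special; all function names are hypothetical and the separate '.'/'..' refusal is not modelled.

```c
/* Added example: not coreutils or gnulib code. All names are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum root_class { ROOT_UNKNOWN = -1, NOT_ROOT, ROOT_LITERAL, ROOT_SYNONYM };

/* POSIX pathname resolution: exactly two leading slashes may be treated
   specially, three or more are equivalent to one.  Assumption: the
   traversal layer hands the checker a name normalised this way. */
static char *collapse_leading_slashes(char *path)
{
    size_t n = strspn(path, "/");
    if (n >= 3)
        memmove(path + 1, path + n, strlen(path + n) + 1);
    return path;
}

/* Identity is decided by device and inode number; the string comparison
   only selects the wording.  lstat() keeps a bare symlink operand as the
   link itself; with a trailing slash the kernel resolves it to the
   directory it points to. */
static enum root_class classify_root(const char *name)
{
    struct stat root, st;
    if (lstat("/", &root) != 0 || lstat(name, &st) != 0)
        return ROOT_UNKNOWN;            /* caller should fail closed */
    if (st.st_dev != root.st_dev || st.st_ino != root.st_ino)
        return NOT_ROOT;
    return strcmp(name, "/") == 0 ? ROOT_LITERAL : ROOT_SYNONYM;
}

/* Build the diagnostic quoted in the thread for one operand. */
static enum root_class root_diagnostic(const char *arg, char *buf, size_t len)
{
    char name[PATH_MAX];
    buf[0] = '\0';
    if (strlen(arg) >= sizeof name)
        return ROOT_UNKNOWN;
    strcpy(name, arg);
    collapse_leading_slashes(name);

    enum root_class c = classify_root(name);
    if (c == ROOT_LITERAL)
        snprintf(buf, len, "rm: it is dangerous to operate recursively on '/'");
    else if (c == ROOT_SYNONYM)
        snprintf(buf, len, "rm: it is dangerous to operate recursively on "
                 "'%s' (same as '/')", name);
    return c;
}

/* Constructed input: a symlink to "/" in a scratch directory, classified
   with or without a trailing slash, then cleaned up. */
static enum root_class classify_symlink_to_root(int trailing_slash)
{
    const char *tmp = getenv("TMPDIR");
    char dir[PATH_MAX], link[PATH_MAX + 16], operand[PATH_MAX + 32];
    enum root_class c = ROOT_UNKNOWN;

    snprintf(dir, sizeof dir, "%s/rootsynXXXXXX", tmp && *tmp ? tmp : "/tmp");
    if (!mkdtemp(dir))
        return ROOT_UNKNOWN;
    snprintf(link, sizeof link, "%s/rootlink", dir);
    if (symlink("/", link) == 0) {
        snprintf(operand, sizeof operand, "%s%s", link,
                 trailing_slash ? "/" : "");
        c = classify_root(operand);
        unlink(link);
    }
    rmdir(dir);
    return c;
}

int main(void)
{
    const char *operands[] = { "/", "//", "///", "////", "/./", "/../" };
    char msg[PATH_MAX + 128];

    for (size_t i = 0; i < sizeof operands / sizeof *operands; i++) {
        root_diagnostic(operands[i], msg, sizeof msg);
        printf("%-6s -> %s\n", operands[i], msg);
    }
    printf("rootlink  -> class %d\n", classify_symlink_to_root(0));
    printf("rootlink/ -> class %d\n", classify_symlink_to_root(1));
    return 0;
}
```

Under the stated assumption, '///' and '////' reach the string comparison already reduced to '/', which reproduces the difference in wording that the FIXME asks about.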
From debbugs-submit-bounces@debbugs.gnu.org Mon Nov 25 02:32:03 2013 Message-ID: <5292FCDD.8000306@bernhard-voelker.de> Date: Mon, 25 Nov 2013 08:31:41 +0100
From: Bernhard Voelker To: =?ISO-8859-1?Q?P=E1draig_Brady?= Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call In-Reply-To: <5292A383.1040006@draigBrady.com> Cc: 15926 <15926@debbugs.gnu.org>, Eric Blake , Jim Meyering , Bob Proulx On 11/25/2013 02:10 AM, Pádraig Brady wrote: > On 11/25/2013 12:15 AM, Bernhard Voelker wrote: >> +cat > k.c <<'EOF' || framework_failure_ >> +#include >> +#include >> +#include >> + >> +int unlinkat (int dirfd, const char *pathname, int flags) >> +{ >> + /* Prove that LD_PRELOAD
works: create the evidence file "x". */ >> + fclose (fopen ("x", "w")); >> + >> + /* Immediately terminate, unless indicated otherwise. */ >> + if (! getenv("CU_TEST_SKIP_EXIT")) >> + _exit (0); >> + >> + /* Pretend success. */ >> + return 0; >> +} >> +EOF >> +exercise_rm_rf_root () > > s/rf/r/ > >> +{ >> + # Remove the evidence file "x"; verify that. >> + rm -f x || framework_failure_ >> + test -f x && framework_failure_ >> + >> + local pid >> + if [ "$CU_TEST_SKIP_EXIT" = 1 ]; then >> + # Pass on this variable into 'rm's environment. >> + LD_PRELOAD=./k.so CU_TEST_SKIP_EXIT=1 rm \ >> + -rv --one-file-system "$@" > out 2> err & pid=$! >> + else >> + LD_PRELOAD=./k.so rm -rv --one-file-system "$@" > out 2> err & pid=$! >> + fi >> + >> + # Wait for the evidence file to appear, or until the process has terminated. >> + for i in $(seq 10); do >> + test -f x && break >> + kill -0 $pid || break >> + sleep .1 >> + done >> + >> + # At this point, rm(1) usually has already terminated. Kill it anyway. >> + kill -9 $pid > > So this might race with rm being preempted between the touch() and the exit(), > causing a false failure? It's probably best to not kill if the 'x' file exists, > as it's very unlikely that rm will run as normal in that case. outch, the race is even more likely for the newly added "rm -r file1 / file2" case where unlinkat() is called twice without the immediate _exit() due to CU_TEST_SKIP_EXIT=1. I have to reconsider, but won't have time for that today. Thanks! 
Have a nice day, Berny From debbugs-submit-bounces@debbugs.gnu.org Tue Nov 26 18:08:37 2013 Message-ID: <529529D8.7060506@bernhard-voelker.de> Date: Wed, 27 Nov 2013 00:08:08 +0100
From: Bernhard Voelker To: =?ISO-8859-1?Q?P=E1draig_Brady?= Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call In-Reply-To: <5292FCDD.8000306@bernhard-voelker.de> Cc: 15926 <15926@debbugs.gnu.org>, Eric Blake , Jim Meyering , Bob Proulx
--------------020605080704030608090201 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit

On 11/25/2013 08:31 AM, Bernhard Voelker wrote:
> On 11/25/2013 02:10 AM, Pádraig Brady wrote:
>> So this might race with rm being preempted between the touch() and the exit(),
>> causing a false failure? It's probably best to not kill if the 'x' file exists,
>> as it's very unlikely that rm will run as normal in that case.
>
> outch, the race is even more likely for the newly added "rm -r file1 / file2"
> case where unlinkat() is called twice without the immediate _exit() due to
> CU_TEST_SKIP_EXIT=1.
>
> I have to reconsider, but won't have time for that today.

Hi Padraig,

I simplified it by using timeout(1), as you already suggested:

  if [ "$CU_TEST_SKIP_EXIT" = 1 ]; then
    # Pass on this variable into 'rm's environment.
    skip_exit='CU_TEST_SKIP_EXIT=1'
  fi

  timeout --signal=KILL 2 \
    env LD_PRELOAD=./k.so $skip_exit \
    rm -rv --one-file-system "$@" > out 2> err

I also changed the other things you mentioned.

Finally, I had to pass --interactive=never to the last test to avoid the
"descend into write-protected directory?" prompt. This is since rm has been
executed in the background.

Next try attached.

Have a nice day,
Berny

--------------020605080704030608090201 Content-Type: text/x-patch; name="tests-add-a-test-for-rm-r-root-v3.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="tests-add-a-test-for-rm-r-root-v3.patch"
>From a15731bdf727e3574a11fbff8634dfd1beabf82e Mon Sep 17 00:00:00 2001 From: Bernhard Voelker Date: Tue, 26 Nov 2013 23:50:08 +0100 Subject: [PATCH] tests: add a test for rm -r "/" * tests/rm/r-root.sh: Add a non-root test. * tests/local.mk (all_tests): Mention the test. --- tests/local.mk | 1 + tests/rm/r-root.sh | 239 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 240 insertions(+) create mode 100755 tests/rm/r-root.sh
diff --git a/tests/local.mk b/tests/local.mk index 3c92425..1888b21 100644 --- a/tests/local.mk +++ b/tests/local.mk @@ -201,6 +201,7 @@ all_tests = \ tests/rm/r-2.sh \ tests/rm/r-3.sh \ tests/rm/r-4.sh \ + tests/rm/r-root.sh \ tests/rm/readdir-bug.sh \ tests/rm/rm1.sh \ tests/touch/empty-file.sh \ diff --git a/tests/rm/r-root.sh b/tests/rm/r-root.sh new file mode 100755 index 0000000..26db030 --- /dev/null +++ b/tests/rm/r-root.sh 
@@ -0,0 +1,239 @@ +#!/bin/sh +# Try to remove '/' recursively. + +# Copyright (C) 2013 Free Software Foundation, Inc. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src +print_ver_ rm + +# POSIX mandates rm(1) to skip '/' arguments. This test verifies this mandated +# behavior as well as the --preserve-root and --no-preserve-root options. +# Especially the latter case is a live fire exercise as rm(1) is supposed to +# enter the unlinkat() system call. Therefore, limit the risk as much +# as possible -- if there's a bug this test would wipe the system out! + +# Faint-hearted: skip this test for the 'root' user. +skip_if_root_ + +# Pull the teeth from rm(1) by intercepting the unlinkat() system call via the +# LD_PRELOAD environment variable. This requires shared libraries to work. +require_gcc_shared_ + +cat > k.c <<'EOF' || framework_failure_ +#include +#include +#include + +int unlinkat (int dirfd, const char *pathname, int flags) +{ + /* Prove that LD_PRELOAD works: create the evidence file "x". */ + fclose (fopen ("x", "w")); + + /* Immediately terminate, unless indicated otherwise. */ + if (! getenv("CU_TEST_SKIP_EXIT")) + _exit (0); + + /* Pretend success. 
*/ + return 0; +} +EOF + +# Then compile/link it: +gcc -Wall --std=gnu99 -shared -fPIC -ldl -O2 k.c -o k.so \ + || framework_failure_ 'failed to build shared library' + +# Verify that "rm -r dir" basically works. +mkdir dir || framework_failure_ +rm -r dir || framework_failure_ +test -d dir && framework_failure_ + +# Now verify that intercepting unlinkat() works: +# rm(1) must succeed as before, but this time both the evidence file "x" +# and the test directory "dir" must exist afterwards. +mkdir dir || framework_failure_ +LD_PRELOAD=./k.so \ +rm -r dir || framework_failure_ +test -d dir || skip_ "internal test failure: maybe LD_PRELOAD doesn't work?" +test -f x || skip_ "internal test failure: maybe LD_PRELOAD doesn't work?" + +#------------------------------------------------------------------------------- +# exercise_rm_r_root: shell function to test "rm -r '/'" +# The caller must provide the FILE to remove as well as any options +# which should be passed to 'rm'. +# Paranoia mode on: +# For the worst case where both rm(1) would fail to refuse to process the "/" +# argument (in the cases without the --no-preserve-root option), and +# intercepting the unlinkat(1) system call would fail (which actually already +# has been proven to work above), and the current non root user has +# write access to "/", limit the damage to the current file system via +# the --one-file-system option. +# Furthermore, run rm(1) via timeout(1) that kills that process after +# a maximum of 2 seconds. +exercise_rm_r_root () +{ + # Remove the evidence file "x"; verify that. + rm -f x || framework_failure_ + test -f x && framework_failure_ + + local skip_exit= + if [ "$CU_TEST_SKIP_EXIT" = 1 ]; then + # Pass on this variable into 'rm's environment. + skip_exit='CU_TEST_SKIP_EXIT=1' + fi + + timeout --signal=KILL 2 \ + env LD_PRELOAD=./k.so $skip_exit \ + rm -rv --one-file-system "$@" > out 2> err + + return $? 
+} + +# "rm -r /" without --no-preserve-root should output the following +# diagnostic error message. +cat < exp || framework_failure_ +rm: it is dangerous to operate recursively on '/' +rm: use --no-preserve-root to override this failsafe +EOD + +#------------------------------------------------------------------------------- +# Exercise "rm -r /" without and with the --preserve-root option. +# Also exercise the synonyms '///' and '////' which would normally go into +# the 'synonyms' test category below; but due to the way gnulib's fts_open() +# performs trimming of trailing slashes ("///" -> "/"), the error diagnostic +# is the same as for a bare "/", see the ROOT_DEV_INO_WARN macro. +# Expect a non-Zero exit status. +for opts in '/' '--preserve-root /' '///' '////'; do + exercise_rm_r_root $opts \ + && fail=1 + + # Expect nothing in 'out' and the above error diagnostic in 'err'. + # As rm(1) should have skipped the "/" argument, it does not call unlinkat(). + # Therefore, the evidence file "x" should not exist. + compare /dev/null out || fail=1 + compare exp err || fail=1 + test -f x && fail=1 + + # Do nothing more if this test failed. + test $fail = 1 && { cat out; cat err; Exit $fail; } +done + +#------------------------------------------------------------------------------- +# Exercise "rm -r file1 / file2". +# Expect a non-Zero exit status representing failure to remove "/", +# yet 'file1' and 'file2' should be removed. +: > file1 || framework_failure_ +: > file2 || framework_failure_ + +# Now that we know that 'rm' won't call the unlinkat() system function for "/", +# we could probably execute it without the LD_PRELOAD'ed safety net. +# Nevertheless, it's still better to use it for this test. +# Tell the unlinkat() replacement function to not _exit(0) immediately +# by setting the following variable. 
+CU_TEST_SKIP_EXIT=1 + +exercise_rm_r_root --preserve-root file1 '/' file2 \ + && fail=1 + +unset CU_TEST_SKIP_EXIT + +cat < out_removed +removed 'file1' +removed 'file2' +EOD + +# The above error diagnostic should appear in 'err'. +# Both 'file1' and 'file2' should be removed. Simply verify that in the +# "out" file, as the replacement unlinkat() dummy did not remove them. +# Expect the evidence file "x" to exist. +compare out_removed out || fail=1 +compare exp err || fail=1 +test -f x || fail=1 + +# Do nothing more if this test failed. +test $fail = 1 && { cat out; cat err; Exit $fail; } + +#------------------------------------------------------------------------------- +# Exercise various synonyms of "/" including symlinks to it. +# The error diagnostic slightly differs from that of the basic "/" case above. +cat < exp_same || framework_failure_ +rm: it is dangerous to operate recursively on 'FILE' (same as '/') +rm: use --no-preserve-root to override this failsafe +EOD + +# Some combinations have a trailing "." or "..". This triggers another check +# in the code first and therefore leads to a different diagnostic. However, +# we want to test anyway to protect against future reordering of the checks +# in the code. +cat < exp_dot || framework_failure_ +rm: refusing to remove '.' or '..' directory: skipping 'FILE' +EOD + +# Prepare a few symlinks to "/". +ln -s / rootlink || framework_failure_ +ln -s rootlink rootlink2 || framework_failure_ +ln -sr / rootlink3 || framework_failure_ + +for file in \ + 'rootlink/' \ + 'rootlink2/' \ + 'rootlink3/' \ + '//' \ + '//.' \ + '/./' \ + '/../' \ + '/.././' \ + '/bin/..' ; do + + exercise_rm_r_root --preserve-root "$file" \ + && fail=1 + + sed "s,FILE,$file," exp_same > exp2 || framework_failure_ + sed "s,FILE,$file," exp_dot > exp_dot2 || framework_failure_ + + # Check against the "refusing to remove '.' or '..'" diagnostic. 
+ compare exp_dot2 err \ + && continue + + compare /dev/null out || fail=1 + compare exp2 err || fail=1 + test -f x && fail=1 + + # Do nothing more if this test failed. + test $fail = 1 && { cat out; cat err; Exit $fail; } +done + +#------------------------------------------------------------------------------- +# Until now, it was all just fun. +# Now exercise the --no-preserve-root option with which rm(1) should enter +# the intercepted unlinkat() system call. +# As the interception code terminates the process immediately via _exit(0), +# the exit status should be 0. +# Use the option --interactive=never to bypass the following prompt: +# "rm: descend into write-protected directory '/'?" +exercise_rm_r_root --interactive=never --no-preserve-root '/' \ + || fail=1 + +# The 'err' file should not contain the above error diagnostic. +grep "^rm: it is dangerous to operate recursively on '/'" err \ + && fail=1 + +# Instead, rm(1) should have called the intercepted unlinkat() function, +# i.e. the evidence file "x" should exist. +test -f x || fail=1 + +test $fail = 1 && { cat out; cat err; } + +Exit $fail -- 1.8.3.1

From debbugs-submit-bounces@debbugs.gnu.org Tue Nov 26 22:14:58 2013
Message-ID: <529563A8.7090407@draigBrady.com>
Date: Wed, 27 Nov 2013 03:14:48 +0000
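Review bot: In the synonyms loop at the end of tests/rm/r-root.sh, `compare exp_dot2 err && continue` jumps past `compare /dev/null out` and `test -f x && fail=1` whenever the '.'/'..' diagnostic matches, so for those paths the test never checks that the intercepted unlinkat() stayed untouched. Run the `out` and evidence-file checks before the `continue`, or pick the expected diagnostic per path and fall through to the common checks. Two smaller points in the interposer setup: `fclose (fopen ("x", "w"))` hands NULL to fclose() if the open fails, so a NULL check would make that failure explicit, and `-ldl` on the gcc line looks unnecessary since the visible body of k.c calls no dl* function.
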
From: Pádraig Brady
To: Bernhard Voelker
Cc: 15926 <15926@debbugs.gnu.org>
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
In-Reply-To: <529529D8.7060506@bernhard-voelker.de>

On 11/26/2013 11:08 PM, Bernhard Voelker wrote:
> +#------------------------------------------------------------------------------- > +# Exercise "rm -r /" without and with the --preserve-root option. > +# Also exercise the synonyms '///' and '////' which would normally go into > +# the 'synonyms' test category below; but due to the way gnulib's fts_open() > +# performs trimming of trailing slashes ("///" -> "/"), the error diagnostic > +# is the same as for a bare "/", see the ROOT_DEV_INO_WARN macro. > +# Expect a non-Zero exit status.
> +for opts in '/' '--preserve-root /' '///' '////'; do

This relies on that fts behavior, which I'm a bit wary about coupling to.
I'd be inclined to lump all the synonyms together and just
be less stringent in the error message we compare there.

> + exercise_rm_r_root $opts \ > + && fail=1

So this call has 2s to work or we fail the test.
That seems too short from experience of running many tests
in parallel on slow/loaded systems.
This is at odds of course with trying to get rm not run
for too long. As I said I wouldn't bother with that constraint,
and I can't think how to avoid false failures doing that.

> + # Expect nothing in 'out' and the above error diagnostic in 'err'. > + # As rm(1) should have skipped the "/" argument, it does not call unlinkat(). > + # Therefore, the evidence file "x" should not exist. > + compare /dev/null out || fail=1 > + compare exp err || fail=1 > + test -f x && fail=1 > + > + # Do nothing more if this test failed. > + test $fail = 1 && { cat out; cat err; Exit $fail; } > +done > + > +#------------------------------------------------------------------------------- > +# Exercise "rm -r file1 / file2". > +# Expect a non-Zero exit status representing failure to remove "/", > +# yet 'file1' and 'file2' should be removed. > +: > file1 || framework_failure_ > +: > file2 || framework_failure_ > + > +# Now that we know that 'rm' won't call the unlinkat() system function for "/", > +# we could probably execute it without the LD_PRELOAD'ed safety net. > +# Nevertheless, it's still better to use it for this test. > +# Tell the unlinkat() replacement function to not _exit(0) immediately > +# by setting the following variable. > +CU_TEST_SKIP_EXIT=1 > + > +exercise_rm_r_root --preserve-root file1 '/' file2 \ > + && fail=1 > + > +unset CU_TEST_SKIP_EXIT > + > +cat < out_removed > +removed 'file1' > +removed 'file2' > +EOD > + > +# The above error diagnostic should appear in 'err'. > +# Both 'file1' and 'file2' should be removed.
Simply verify that in the > +# "out" file, as the replacement unlinkat() dummy did not remove them. > +# Expect the evidence file "x" to exist. > +compare out_removed out || fail=1 > +compare exp err || fail=1 > +test -f x || fail=1 > + > +# Do nothing more if this test failed. > +test $fail = 1 && { cat out; cat err; Exit $fail; } > + > +#------------------------------------------------------------------------------- > +# Exercise various synonyms of "/" including symlinks to it. > +# The error diagnostic slightly differs from that of the basic "/" case above. > +cat < exp_same || framework_failure_ > +rm: it is dangerous to operate recursively on 'FILE' (same as '/') > +rm: use --no-preserve-root to override this failsafe > +EOD > + > +# Some combinations have a trailing "." or "..". This triggers another check > +# in the code first and therefore leads to a different diagnostic. However, > +# we want to test anyway to protect against future reordering of the checks > +# in the code. > +cat < exp_dot || framework_failure_ > +rm: refusing to remove '.' or '..' directory: skipping 'FILE' > +EOD > + > +# Prepare a few symlinks to "/". > +ln -s / rootlink || framework_failure_ > +ln -s rootlink rootlink2 || framework_failure_ > +ln -sr / rootlink3 || framework_failure_ > + > +for file in \ > + 'rootlink/' \ > + 'rootlink2/' \ > + 'rootlink3/' \ > + '//' \ > + '//.' \ > + '/./' \ > + '/../' \ > + '/.././' \ > + '/bin/..' ; do

I'm still worried about /bin being always present.
How about: test -d "$file" || continue

> + > + exercise_rm_r_root --preserve-root "$file" \ > + && fail=1 > + > + sed "s,FILE,$file," exp_same > exp2 || framework_failure_ > + sed "s,FILE,$file," exp_dot > exp_dot2 || framework_failure_ > + > + # Check against the "refusing to remove '.' or '..'" diagnostic. > + compare exp_dot2 err \ > + && continue > + > + compare /dev/null out || fail=1 > + compare exp2 err || fail=1 > + test -f x && fail=1 > + > + # Do nothing more if this test failed.
> + test $fail = 1 && { cat out; cat err; Exit $fail; } > +done > + > +#------------------------------------------------------------------------------- > +# Until now, it was all just fun. > +# Now exercise the --no-preserve-root option with which rm(1) should enter > +# the intercepted unlinkat() system call. > +# As the interception code terminates the process immediately via _exit(0), > +# the exit status should be 0. > +# Use the option --interactive=never to bypass the following prompt: > +# "rm: descend into write-protected directory '/'?" > +exercise_rm_r_root --interactive=never --no-preserve-root '/' \ > + || fail=1

/me doubles checks unlinkat() is the only function that should be called,
and the previous checks guarantee this... OK :)

thanks!
Pádraig.

p.s. something that might be worth looking at in future,
would be to use runcon to restrict the process using selinux
if in selinux enforcing mode.

From debbugs-submit-bounces@debbugs.gnu.org Wed Nov 27 19:14:27 2013
Message-ID: <52968AD6.7020005@bernhard-voelker.de>
Date: Thu, 28 Nov 2013 01:14:14 +0100
From: Bernhard Voelker
To: Pádraig Brady
Cc: 15926 <15926@debbugs.gnu.org>
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
In-Reply-To: <529563A8.7090407@draigBrady.com>

On 11/27/2013 04:14 AM, Pádraig Brady wrote:
> On 11/26/2013 11:08 PM, Bernhard Voelker wrote:
>> +#------------------------------------------------------------------------------- >> +# Exercise "rm -r /" without and with the --preserve-root option. >> +# Also exercise the synonyms '///' and '////' which would normally go into >> +# the 'synonyms' test category below; but due to the way gnulib's fts_open() >> +# performs trimming of trailing slashes ("///" -> "/"), the error diagnostic >> +# is the same as for a bare "/", see the ROOT_DEV_INO_WARN macro. >> +# Expect a non-Zero exit status. >> +for opts in '/' '--preserve-root /' '///' '////'; do
>
> This relies on that fts behavior, which I'm a bit wary about coupling to.
> I'd be inclined to lump all the synonyms together and just
> be less stringent in the error message we compare there.

Good point, done.
While at it, I separated the "refusing to remove '.' or '..'" cases
from the "it is dangerous to operate recursively on '/'" cases.

>> + exercise_rm_r_root $opts \ >> + && fail=1
>
> So this call has 2s to work or we fail the test.
> That seems too short from experience of running many tests
> in parallel on slow/loaded systems.
> This is at odds of course with trying to get rm not run
> for too long. As I said I wouldn't bother with that constraint,
> and I can't think how to avoid false failures doing that.

The whole test with 21 test cases lasts .5 - .8 seconds here on
a 3-4 year-old PC - measured via "time make tests/rm/r-root.log".
I'd vote for being conservative for now, i.e. stay with "timeout 2",
and increase the timeout if we see false positives.

>> +for file in \ >> + 'rootlink/' \ >> + 'rootlink2/' \ >> + 'rootlink3/' \ >> + '//' \ >> + '//.' \ >> + '/./' \ >> + '/../' \ >> + '/.././' \ >> + '/bin/..' ; do
>
> I'm still worried about /bin being always present.
> How about: test -d "$file" || continue

Good idea, added.
That reminded me that on some systems /usr/bin and /bin
may be the same, and switched to testing '/etc/..'.

> /me doubles checks unlinkat() is the only function that should be called,
> and the previous checks guarantee this... OK :)

Not quite: it only checked for a directory.
I added a check for a file.

> p.s. something that might be worth looking at in future,
> would be to use runcon to restrict the process using selinux
> if in selinux enforcing mode.

I've never used selinux (knowingly), so I don't know much about it.
But feel free to add it. ;-)

Thanks for the review!

Have a nice day,
Berny

Content-Disposition: attachment; filename="tests-rm-r-root.patch"

From a9819408b4d96b399373de4041628552ef053f7a Mon Sep 17 00:00:00 2001
From: Bernhard Voelker
Date: Thu, 28 Nov 2013 01:02:22 +0100
Subject: [PATCH] tests: add a test for rm -r "/"

* tests/rm/r-root.sh: Add a non-root test.
* tests/local.mk (all_tests): Mention the test.
---
 tests/local.mk | 1 +
 tests/rm/r-root.sh | 248 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 249 insertions(+)
 create mode 100755 tests/rm/r-root.sh

diff --git a/tests/local.mk b/tests/local.mk index 19bbbd7..9b851f4 100644 --- a/tests/local.mk +++ b/tests/local.mk @@ -201,6 +201,7 @@ all_tests = \ tests/rm/r-2.sh \ tests/rm/r-3.sh \ tests/rm/r-4.sh \ + tests/rm/r-root.sh \ tests/rm/readdir-bug.sh \ tests/rm/rm1.sh \ tests/touch/empty-file.sh \ diff --git a/tests/rm/r-root.sh b/tests/rm/r-root.sh new file mode 100755 index 0000000..aa52bc4 --- /dev/null +++ b/tests/rm/r-root.sh
@@ -0,0 +1,248 @@ +#!/bin/sh +# Try to remove '/' recursively. + +# Copyright (C) 2013 Free Software Foundation, Inc. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src +print_ver_ rm + +# POSIX mandates rm(1) to skip '/' arguments. This test verifies this mandated +# behavior as well as the --preserve-root and --no-preserve-root options. +# Especially the latter case is a live fire exercise as rm(1) is supposed to +# enter the unlinkat() system call. Therefore, limit the risk as much +# as possible -- if there's a bug this test would wipe the system out! + +# Faint-hearted: skip this test for the 'root' user. +skip_if_root_ + +# Pull the teeth from rm(1) by intercepting the unlinkat() system call via the +# LD_PRELOAD environment variable. This requires shared libraries to work. +require_gcc_shared_ + +cat > k.c <<'EOF' || framework_failure_ +#include +#include +#include + +int unlinkat (int dirfd, const char *pathname, int flags) +{ + /* Prove that LD_PRELOAD works: create the evidence file "x". */ + fclose (fopen ("x", "w")); + + /* Immediately terminate, unless indicated otherwise. */ + if (! getenv("CU_TEST_SKIP_EXIT")) + _exit (0); + + /* Pretend success. 
*/ + return 0; +} +EOF + +# Then compile/link it: +gcc -Wall --std=gnu99 -shared -fPIC -ldl -O2 k.c -o k.so \ + || framework_failure_ 'failed to build shared library' + +#------------------------------------------------------------------------------- +# exercise_rm_r_root: shell function to test "rm -r '/'" +# The caller must provide the FILE to remove as well as any options +# which should be passed to 'rm'. +# Paranoia mode on: +# For the worst case where both rm(1) would fail to refuse to process the "/" +# argument (in the cases without the --no-preserve-root option), and +# intercepting the unlinkat(1) system call would fail (which actually already +# has been proven to work above), and the current non root user has +# write access to "/", limit the damage to the current file system via +# the --one-file-system option. +# Furthermore, run rm(1) via timeout(1) that kills that process after +# a maximum of 2 seconds. +exercise_rm_r_root () +{ + # Remove the evidence file "x"; verify that. + rm -f x || framework_failure_ + test -f x && framework_failure_ + + local skip_exit= + if [ "$CU_TEST_SKIP_EXIT" = 1 ]; then + # Pass on this variable into 'rm's environment. + skip_exit='CU_TEST_SKIP_EXIT=1' + fi + + timeout --signal=KILL 2 \ + env LD_PRELOAD=./k.so $skip_exit \ + rm -rv --one-file-system "$@" > out 2> err + + return $? +} + +# Verify that "rm -r dir" basically works. +mkdir dir || framework_failure_ +rm -r dir || framework_failure_ +test -d dir && framework_failure_ + +# Now verify that intercepting unlinkat() works: +# rm(1) must succeed as before, but this time both the evidence file "x" +# and the test file / directory must still exist afterward. 
+mkdir dir || framework_failure_ +: > file || framework_failure_ + +skip= +for file in dir file ; do + exercise_rm_r_root "$file" || skip=1 + test -e "$file" || skip=1 + test -f x || skip=1 + + test $skip = 1 \ + && { cat out; cat err; \ + skip_ "internal test failure: maybe LD_PRELOAD doesn't work?"; } +done + +# "rm -r /" without --no-preserve-root should output the following +# diagnostic error message. +cat < exp || framework_failure_ +rm: it is dangerous to operate recursively on '/' +rm: use --no-preserve-root to override this failsafe +EOD + +#------------------------------------------------------------------------------- +# Exercise "rm -r /" without and with the --preserve-root option. +# Exercise various synonyms of "/" including symlinks to it. +# Expect a non-Zero exit status. +# Prepare a few symlinks to "/". +ln -s / rootlink || framework_failure_ +ln -s rootlink rootlink2 || framework_failure_ +ln -sr / rootlink3 || framework_failure_ + +for opts in \ + '/' \ + '--preserve-root /' \ + '//' \ + '///' \ + '////' \ + 'rootlink/' \ + 'rootlink2/' \ + 'rootlink3/' ; do + + exercise_rm_r_root $opts \ + && fail=1 + + # For some of the synonyms, the error diagnostic slightly differs from that + # of the basic "/" case (see gnulib's fts_open' and ROOT_DEV_INO_WARN): + # rm: it is dangerous to operate recursively on 'FILE' (same as '/') + # Strip that part off for the following comparison. + sed "s/\(rm: it is dangerous to operate recursively on\).*$/\1 '\/'/" err \ + > err2 || framework_failure_ + + # Expect nothing in 'out' and the above error diagnostic in 'err2'. + # As rm(1) should have skipped the "/" argument, it does not call unlinkat(). + # Therefore, the evidence file "x" should not exist. + compare /dev/null out || fail=1 + compare exp err2 || fail=1 + test -f x && fail=1 + + # Do nothing more if this test failed. 
+ test $fail = 1 && { cat out; cat err; Exit $fail; } +done + +#------------------------------------------------------------------------------- +# Exercise "rm -r file1 / file2". +# Expect a non-Zero exit status representing failure to remove "/", +# yet 'file1' and 'file2' should be removed. +: > file1 || framework_failure_ +: > file2 || framework_failure_ + +# Now that we know that 'rm' won't call the unlinkat() system function for "/", +# we could probably execute it without the LD_PRELOAD'ed safety net. +# Nevertheless, it's still better to use it for this test. +# Tell the unlinkat() replacement function to not _exit(0) immediately +# by setting the following variable. +CU_TEST_SKIP_EXIT=1 + +exercise_rm_r_root --preserve-root file1 '/' file2 \ + && fail=1 + +unset CU_TEST_SKIP_EXIT + +cat < out_removed +removed 'file1' +removed 'file2' +EOD + +# The above error diagnostic should appear in 'err'. +# Both 'file1' and 'file2' should be removed. Simply verify that in the +# "out" file, as the replacement unlinkat() dummy did not remove them. +# Expect the evidence file "x" to exist. +compare out_removed out || fail=1 +compare exp err || fail=1 +test -f x || fail=1 + +# Do nothing more if this test failed. +test $fail = 1 && { cat out; cat err; Exit $fail; } + +#------------------------------------------------------------------------------- +# Exercise various synonyms of "/" having a trailing "." or ".." in the name. +# This triggers another check in the code first and therefore leads to a +# different diagnostic. However, we want to test anyway to protect against +# future reordering of the checks in the code. +# Expect that other error diagnostic in 'err' and nothing in 'out'. +# Expect a non-Zero exit status. The evidence file "x" should not exist. +for file in \ + '//.' \ + '/./' \ + '/.//' \ + '/../' \ + '/.././' \ + '/etc/..' \ + 'rootlink/..' \ + 'rootlink2/.' \ + 'rootlink3/./' ; do + + test -d "$file" || continue # if e.g. /etc does not exist. 
+ + exercise_rm_r_root --preserve-root "$file" \ + && fail=1 + + grep "^rm: refusing to remove '\.' or '\.\.' directory: skipping" err \ + || fail=1 + + compare /dev/null out || fail=1 + test -f x && fail=1 + + # Do nothing more if this test failed. + test $fail = 1 && { cat out; cat err; Exit $fail; } +done + +#------------------------------------------------------------------------------- +# Until now, it was all just fun. +# Now exercise the --no-preserve-root option with which rm(1) should enter +# the intercepted unlinkat() system call. +# As the interception code terminates the process immediately via _exit(0), +# the exit status should be 0. +# Use the option --interactive=never to bypass the following prompt: +# "rm: descend into write-protected directory '/'?" +exercise_rm_r_root --interactive=never --no-preserve-root '/' \ + || fail=1 + +# The 'err' file should not contain the above error diagnostic. +grep "^rm: it is dangerous to operate recursively on '/'" err \ + && fail=1 + +# Instead, rm(1) should have called the intercepted unlinkat() function, +# i.e. the evidence file "x" should exist. +test -f x || fail=1 + +test $fail = 1 && { cat out; cat err; } + +Exit $fail -- 1.8.3.1

From debbugs-submit-bounces@debbugs.gnu.org Thu Nov 28 20:43:15 2013
Message-ID: <5297F128.80302@draigBrady.com>
Date: Fri, 29 Nov 2013 01:43:04 +0000
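Review bot: In the LD_PRELOAD sanity loop (`for file in dir file`), `skip=` leaves the variable empty, so the unquoted `test $skip = 1` expands to `test = 1`, which is not a valid comparison and makes shells such as bash print an operator error to stderr on every passing iteration. Initialize it with `skip=0` or quote it as `test "$skip" = 1`. The header comment of exercise_rm_r_root also still says the interception "actually already has been proven to work above", although in this version that check sits below the function and runs through it, and it cites unlinkat(1) where the system call's manual section is 2; both are worth updating while touching the comment.
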
From: Pádraig Brady
To: Bernhard Voelker
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
Cc: 15926 <15926@debbugs.gnu.org>

On 11/28/2013 12:14 AM, Bernhard Voelker wrote:
> On 11/27/2013 04:14 AM, Pádraig Brady wrote:
>> On 11/26/2013 11:08 PM, Bernhard Voelker wrote:
>>> +#------------------------------------------------------------------------------- >>> +# Exercise "rm -r /" without and with the --preserve-root option.
>>> +# Also exercise the synonyms '///' and '////' which would normally go into >>> +# the 'synonyms' test category below; but due to the way gnulib's fts_open() >>> +# performs trimming of trailing slashes ("///" -> "/"), the error diagnostic >>> +# is the same as for a bare "/", see the ROOT_DEV_INO_WARN macro. >>> +# Expect a non-Zero exit status. >>> +for opts in '/' '--preserve-root /' '///' '////'; do >> >> This relies on that fts behavior, which I'm a bit wary about coupling to. >> I'd be inclined to lump all the synonyms together and just >> be less stringent in the error message we compare there. > > Good point, done. > While at it, I separated the "refusing to remove '.' or '..'" cases > from the "it is dangerous to operate recursively on '/'" cases. > >>> + exercise_rm_r_root $opts \ >>> + && fail=1 >> >> So this call has 2s to work or we fail the test. >> That seems too short from experience of running many tests >> in parallel on slow/loaded systems. >> This is at odds of course with trying to get rm not run >> for too long. As I said I wouldn't bother with that constraint, >> and I can't think how to avoid false failures doing that. > > The whole test with 21 test cases lasts .5 - .8 seconds here on > a 3-4 year-old PC - measured via "time make tests/rm/r-root.log". > I'd vote for being conservative for now, i.e. stay with "timeout 2", > and increase the timeout if we see false positives. > >>> +for file in \ >>> + 'rootlink/' \ >>> + 'rootlink2/' \ >>> + 'rootlink3/' \ >>> + '//' \ >>> + '//.' \ >>> + '/./' \ >>> + '/../' \ >>> + '/.././' \ >>> + '/bin/..' ; do >> >> I'm still worried about /bin being always present. >> How about: test -d "$file" || continue > > Good idea, added. > That reminded me that on some systems /usr/bin and /bin > may be the same, and switched to testing '/etc/..'. > >> /me doubles checks unlinkat() is the only function that should be called, >> and the previous checks guarantee this... 
OK :) > > Not quite: it only checked for a directory. > I added a check for a file. > >> p.s. something that might be worth looking at in future, >> would be to use runcon to restrict the process using selinux >> if in selinux enforcing mode. > > I've never used selinux (knowingly), so I don't know much about > it. But feel free to add it. ;-) > > Thanks for the review! > > Have a nice day, > Berny > It all looks good apart from the `timeout 2` race. Unlikely but not something we could release on a bazillion build hosts doing `make check`. So as a compromise how about disabling the test by default by adding: expensive_ I.E. it would only be developers that would be running this, who might be less likely to hit the issue, or at least more likely to recognize it and not report false positives. thanks! Pádraig. From debbugs-submit-bounces@debbugs.gnu.org Fri Nov 29 02:11:08 2013 Received: (at 15926) by debbugs.gnu.org; 29 Nov 2013 07:11:08 +0000 Received: from localhost ([127.0.0.1]:49603 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VmIEF-0003uc-Lq for submit@debbugs.gnu.org; Fri, 29 Nov 2013 02:11:08 -0500 Received: from moutng.kundenserver.de ([212.227.17.9]:50568) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VmIEC-0003u1-Hj for 15926@debbugs.gnu.org; Fri, 29 Nov 2013 02:11:05 -0500 Received: from [192.168.1.11] (p5091FFEF.dip0.t-ipconnect.de [80.145.255.239]) by mrelayeu.kundenserver.de (node=mreu4) with ESMTP (Nemesis) id 0Ll4qI-1VEsQ33DYk-00b16r; Fri, 29 Nov 2013 08:10:57 +0100 Message-ID: <52983E01.9010106@bernhard-voelker.de> Date: Fri, 29 Nov 2013 08:10:57 +0100 
From: Bernhard Voelker
To: Pádraig Brady
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
Cc: 15926 <15926@debbugs.gnu.org>

On 11/29/2013 02:43 AM, Pádraig Brady wrote:
> It all looks good [...]

Thanks for the review(s)!

> [...] apart from the `timeout 2` race.
> Unlikely but not something we could release on a bazillion > build hosts doing `make check`. > So as a compromise how about disabling the test by default by adding: > > expensive_ > > I.E. it would only be developers that would be running this, > who might be less likely to hit the issue, or at least > more likely to recognize it and not report false positives. I agree. I found a precedent case in tests/misc/sort-spinlock-abuse.sh. I'll add the following before pushing. Thanks again & have a nice day, Berny diff --git a/tests/rm/r-root.sh b/tests/rm/r-root.sh index aa52bc4..9656274 100755 --- a/tests/rm/r-root.sh +++ b/tests/rm/r-root.sh 
@@ -32,6 +32,14 @@ skip_if_root_ # LD_PRELOAD environment variable. This requires shared libraries to work. require_gcc_shared_ +# This isn't terribly expensive, but it must not be run under heavy load. +# The reason is the conservative 'timeout' setting below to limit possible +# damage in the worst case which yields a race under heavy load. +# Marking this test as "expensive" therefore is a compromise, i.e., adding +# this test to the list ensures it still gets _some_ (albeit minimal) +# coverage while not causing false-positive failures in day to day runs. +expensive_ + cat > k.c <<'EOF' || framework_failure_ #include #include From debbugs-submit-bounces@debbugs.gnu.org Fri Nov 29 14:57:37 2013 Received: (at 15926) by debbugs.gnu.org; 29 Nov 2013 19:57:38 +0000 Received: from localhost ([127.0.0.1]:50560 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VmUC1-0007WI-9t for submit@debbugs.gnu.org; Fri, 29 Nov 2013 14:57:37 -0500 Received: from joseki.proulx.com ([216.17.153.58]:55348) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VmUBx-0007W6-Kn for 15926@debbugs.gnu.org; Fri, 29 Nov 2013 14:57:34 -0500 Received: from hysteria.proulx.com (hysteria.proulx.com [192.168.230.119]) by joseki.proulx.com (Postfix) with ESMTP id 7FFA921228 for <15926@debbugs.gnu.org>; Fri, 29 Nov 2013 12:57:32 -0700 (MST) Received: by hysteria.proulx.com (Postfix, from userid 1000) id 56D8C2DCD5; Fri, 29 Nov 2013 12:57:32 -0700 (MST) Date: Fri, 29 Nov 2013 12:57:32 -0700 
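Review bot: The comment added above `expensive_` leaves two things for the reader to work out: "adding this test to the list" does not say which list, and "yields a race under heavy load" does not say that the failure mode is the timeout expiring before rm has finished. Suggest stating the timeout value the script uses and that the outcome is a false failure rather than an unsafe run, so a later reader can judge whether raising the timeout would allow the marker to be dropped.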
From: Bob Proulx To: 15926 <15926@debbugs.gnu.org> Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call Message-ID: <20131129195732.GG25951@hysteria.proulx.com> References: <528CBCA1.70409@redhat.com> <528D4DC3.9060806@bernhard-voelker.de> <528F709B.7040106@bernhard-voelker.de> <528F74BE.9030603@redhat.com> <528F7A07.6000103@bernhard-voelker.de> <528F7B4C.8080102@redhat.com> <20131122173922.GA26828@hysteria.proulx.com> <528FFEA0.8050708@bernhard-voelker.de> <529012E3.9010301@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <529012E3.9010301@redhat.com> User-Agent: Mutt/1.5.21 (2010-09-15) X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 15926 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) Eric Blake wrote: > Bernhard Voelker wrote: > > Bob Proulx wrote: > > +# Exercise "rm -rf /" without the --preserve-root and --no-preserve-root option. > > +# Expect a non-Zero exist status. > > +exercise_rm_rf_root \ > > + && fail=1 > > Maybe you should favor 'rm -r /' rather than 'rm -rf /'. That way, even > if all the failsafes are bypassed, you at least have better logging of > what started to go wrong rather than silence. I still think this is a very scary test and isn't worth the return on investment. It is the kind of thing that makes me think I could never recommend building coreutils anywhere but in a throwaway chroot. Because the risk of a failure is just so very extremely high. That would be a shame. 
Bob From debbugs-submit-bounces@debbugs.gnu.org Fri Nov 29 20:48:45 2013 Received: (at 15926) by debbugs.gnu.org; 30 Nov 2013 01:48:45 +0000 Received: from localhost ([127.0.0.1]:50888 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VmZfp-0002ER-AI for submit@debbugs.gnu.org; Fri, 29 Nov 2013 20:48:45 -0500 Received: from mail2.vodafone.ie ([213.233.128.44]:30409) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VmZfl-0002E7-P3 for 15926@debbugs.gnu.org; Fri, 29 Nov 2013 20:48:42 -0500 Received: from unknown (HELO [192.168.1.79]) ([109.77.186.208]) by mail2.vodafone.ie with ESMTP; 30 Nov 2013 01:48:31 +0000 Message-ID: <529943EF.6070308@draigBrady.com> Date: Sat, 30 Nov 2013 01:48:31 +0000 
From: Pádraig Brady
To: Bob Proulx
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
Cc: 15926 <15926@debbugs.gnu.org>

On 11/29/2013 07:57 PM, Bob Proulx wrote:
> Eric Blake wrote:
>> Bernhard Voelker wrote:
>>> Bob Proulx wrote:
>>> +# Exercise "rm -rf /" without the --preserve-root and --no-preserve-root option. >>> +# Expect a non-Zero exist status. >>> +exercise_rm_rf_root \ >>> + && fail=1
>>
>> Maybe you should favor 'rm -r /' rather than 'rm -rf /'. That way, even
>> if all the failsafes are bypassed, you at least have better logging of
>> what started to go wrong rather than silence.
>
> I still think this is a very scary test and isn't worth the return on
> investment. It is the kind of thing that makes me think I could never
> recommend building coreutils anywhere but in a throwaway chroot.
> Because the risk of a failure is just so very extremely high. That
> would be a shame.

To summarize, it, only runs with: make EXPENSIVE=yes check, only runs as non root, ensures file & dir removal bypass work in a safe context first Do you still think it's too dangerous? Pádraig. From debbugs-submit-bounces@debbugs.gnu.org Sat Nov 30 12:57:39 2013 Received: (at 15926) by debbugs.gnu.org; 30 Nov 2013 17:57:39 +0000 Received: from localhost ([127.0.0.1]:51960 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VmonT-0001nw-Go for submit@debbugs.gnu.org; Sat, 30 Nov 2013 12:57:39 -0500 Received: from mx1.redhat.com ([209.132.183.28]:16887) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VmonR-0001nm-9T for 15926@debbugs.gnu.org; Sat, 30 Nov 2013 12:57:38 -0500 Received: from int-mx01.intmail.prod.int.phx2.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id rAUHvYsY032333 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Sat, 30 Nov 2013 12:57:34 -0500 Received: from [10.3.113.26] (ovpn-113-26.phx2.redhat.com [10.3.113.26]) by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id rAUHvJWb019425; Sat, 30 Nov 2013 12:57:26 -0500 Message-ID: <529A26EC.4030002@redhat.com> Date: Sat, 30 Nov 2013 10:57:00 -0700 
From: Eric Blake
Organization: Red Hat, Inc.
To: Pádraig Brady, Bob Proulx
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
Cc: 15926 <15926@debbugs.gnu.org>

On 11/29/2013 06:48 PM, Pádraig Brady wrote:
> To summarize, it,
> only runs with: make EXPENSIVE=yes check,
> only runs as non root,
> ensures file & dir removal bypass work in a safe context first
>
> Do you still think it's too dangerous?

I think we've done a great job at writing a very robust test that exits early if not all preconditions of safety can be met (the most important of which is that using rm under LD_PRELOAD on a safe file leaves the file untouched, proving that we correctly avoided the right system call) - I see no issue with including the test by default, nor any reason to scare users into only running the test in a chroot jail.

I actually think the timeout to limit to 2 seconds is a bit of overkill, but it's fine to be over-conservative and leave it in.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org

From debbugs-submit-bounces@debbugs.gnu.org Sat Nov 30 16:33:42 2013 Received: (at 15926) by debbugs.gnu.org; 30 Nov 2013 21:33:42 +0000 Received: from localhost ([127.0.0.1]:52071 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VmsAX-000719-Mz for submit@debbugs.gnu.org; Sat, 30 Nov 2013 16:33:42 -0500 Received: from joseki.proulx.com ([216.17.153.58]:59463) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VmsAU-00070z-JN for
15926@debbugs.gnu.org; Sat, 30 Nov 2013 16:33:39 -0500 Received: from hysteria.proulx.com (hysteria.proulx.com [192.168.230.119]) by joseki.proulx.com (Postfix) with ESMTP id F22982122C for <15926@debbugs.gnu.org>; Sat, 30 Nov 2013 14:33:34 -0700 (MST) Received: by hysteria.proulx.com (Postfix, from userid 1000) id D0B652DCD5; Sat, 30 Nov 2013 14:33:34 -0700 (MST) Date: Sat, 30 Nov 2013 14:33:34 -0700 
From: Bob Proulx To: 15926 <15926@debbugs.gnu.org> Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call Message-ID: <20131130213334.GA30691@hysteria.proulx.com> References: <528F709B.7040106@bernhard-voelker.de> <528F74BE.9030603@redhat.com> <528F7A07.6000103@bernhard-voelker.de> <528F7B4C.8080102@redhat.com> <20131122173922.GA26828@hysteria.proulx.com> <528FFEA0.8050708@bernhard-voelker.de> <529012E3.9010301@redhat.com> <20131129195732.GG25951@hysteria.proulx.com> <529943EF.6070308@draigBrady.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <529943EF.6070308@draigBrady.com> User-Agent: Mutt/1.5.21 (2010-09-15) X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 15926 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) Pádraig Brady wrote: > Bob Proulx wrote: > > I still think this is a very scary test and isn't worth the return on > > investment. It is the kind of thing that makes me think I could never > > recommend building coreutils anywhere but in a throwaway chroot. > > Because the risk of a failure is just so very extremely high. That > > would be a shame. > > To summarize, it, > only runs with: make EXPENSIVE=yes check, > only runs as non root, > ensures file & dir removal bypass work in a safe context first Plus I see a timeout too. The timeout is a good safety net. However it does create some possibility for a false positive fail if the system is slow. But a possible FP is a minor thing. I wasn't quite convinced that this is skipped if LD_PRELOAD isn't supported by the system. However I don't doubt it. I just wasn't able to trace through the logic by inspection quickly enough. 
> Do you still think it's too dangerous? I can't say that it isn't still scary. There is an intentional execution of an 'rm -r /'! But looking at it I think you guys have done a lot of work to make it as safe as possible. I still think that was way too much investment for the potential return. But having done it I can't say not to include it. Since it only runs as non-root then an accident there really isn't any worse than any other rm accident that might happen. But that is today in the current incarnation. But for example what happens if the preferred unlink command ever changes from unlinkat() to something new about ten years in the future? Can't say it won't change since we have already seen it change. If the code is changed in the future and the tests run then what prevents the pitfall at that point in the future? I really don't want to be a rainy day but I worry about these things. Bob From debbugs-submit-bounces@debbugs.gnu.org Sat Nov 30 16:48:25 2013 Received: (at 15926) by debbugs.gnu.org; 30 Nov 2013 21:48:25 +0000 Received: from localhost ([127.0.0.1]:52083 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VmsOn-0007QF-Gh for submit@debbugs.gnu.org; Sat, 30 Nov 2013 16:48:25 -0500 Received: from moutng.kundenserver.de ([212.227.17.8]:63240) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VmsOk-0007Pz-ED for 15926@debbugs.gnu.org; Sat, 30 Nov 2013 16:48:23 -0500 Received: from [192.168.1.11] (p5091FFEF.dip0.t-ipconnect.de [80.145.255.239]) by mrelayeu.kundenserver.de (node=mreu3) with ESMTP (Nemesis) id 0MVWQs-1W7AAn0uuE-00Yl3y; Sat, 30 Nov 2013 22:48:03 +0100 Message-ID: <529A5D12.20407@bernhard-voelker.de> Date: Sat, 30 Nov 2013 22:48:02 +0100 
From: Bernhard Voelker
To: Bob Proulx
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call
Cc: 15926 <15926@debbugs.gnu.org>

On 11/30/2013 10:33 PM, Bob Proulx wrote:
> [...] I still think that
> was way too much investment for the potential return.

I wouldn't say that: 20 of the 21 runs of "rm -r /" prove that 'rm' skips the '/' argument and various synonyms, as required by POSIX (and common sense). I think it's important to ensure that this skipping works.

> But for example what happens if the preferred unlink command ever
> changes from unlinkat() to something new about ten years in the
> future?

At the start, the test proves that intercepting unlinkat() via LD_PRELOAD works and that the arguments (once for a file, once for a directory) still exist afterward.

> I really don't want to be a rainy day but I worry about these things.

That's basically a good thing. This is really a delicate test, so I'd like to encourage as many people as possible to have a look at it. Please feel free to double- (or more) read the code.

Have a nice day,
Berny

From debbugs-submit-bounces@debbugs.gnu.org Mon Dec 02 10:48:25 2013 Received: (at 15926) by debbugs.gnu.org; 2 Dec 2013 15:48:25 +0000 Received: from localhost ([127.0.0.1]:54803 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VnVjV-0002p8-70 for submit@debbugs.gnu.org; Mon, 02 Dec 2013 10:48:25 -0500 Received: from mx1.redhat.com ([209.132.183.28]:30601) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VnVjS-0002oz-5Y for 15926@debbugs.gnu.org; Mon, 02 Dec 2013 10:48:24 -0500 Received: from int-mx01.intmail.prod.int.phx2.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id rB2FmKB8013294 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 2 Dec 2013 10:48:20 -0500 Received: from [10.3.113.162] (ovpn-113-162.phx2.redhat.com [10.3.113.162]) by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id rB2FmKZe021009; Mon, 2 Dec 2013 10:48:20 -0500 Message-ID: <529CABC3.3080707@redhat.com> Date: Mon, 02 Dec 2013 08:48:19 -0700
From: Eric Blake
Organization: Red Hat, Inc.
To: Bob Proulx, 15926 <15926@debbugs.gnu.org>
Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call

On 11/30/2013 02:33 PM, Bob Proulx wrote:
> But for example what happens if the preferred unlink command ever
> changes from unlinkat() to something new about ten years in the
> future? Can't say it won't change since we have already seen it
> change.

Indeed, we've already moved from unlink()/rmdir() to unlinkat() as our preferred syscall(s).
But that's part of the sanity checks of the test - if the LD_PRELOAD test runs, and the file is deleted, then the code base has switched away from using unlinkat() as its deletion mechanism, and the test will be skipped until someone updates it to override the new preferred syscall instead.

The only way we attempt 'rm -r /' is if we FIRST prove that we have safely prevented 'rm -r file dir' from deleting sub-trees in the (safe) current working directory, so that we know that we are also preventing any attempt to actually remove / and only end up testing the other effects (such as the appropriate POSIX behavior of refusing to remove / by default).

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org

From debbugs-submit-bounces@debbugs.gnu.org Wed Oct 10 12:29:08 2018 Received: (at 15926) by debbugs.gnu.org; 10 Oct 2018 16:29:08 +0000 Received: from localhost ([127.0.0.1]:43760 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gAHMC-0005YZ-HG for submit@debbugs.gnu.org; Wed, 10 Oct 2018 12:29:08 -0400 Received: from
mail-pf1-f171.google.com ([209.85.210.171]:36201) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gAHMA-0005Xy-HY; Wed, 10 Oct 2018 12:29:06 -0400 Received: by mail-pf1-f171.google.com with SMTP id l81-v6so2903593pfg.3; Wed, 10 Oct 2018 09:29:06 -0700 (PDT) X-Received: by 2002:a63:4c4e:: with SMTP id m14-v6mr30510246pgl.173.1539188939983; Wed, 10 Oct 2018 09:28:59 -0700 (PDT) Received: from tomato.housegordon.com (moose.housegordon.com.
[184.68.105.38]) by smtp.googlemail.com with ESMTPSA id u190-v6sm31233388pgu.3.2018.10.10.09.28.58 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 10 Oct 2018 09:28:58 -0700 (PDT) Subject: Re: bug#15926: RFE: unlink command already uses 'unlink' call; make 'rm' use 'remove' call To: 15926@debbugs.gnu.org References: <528B520B.1080601@tlinx.org> <528B565D.4020205@draigBrady.com> <528E66BA.30002@redhat.com> From: Assaf Gordon Message-ID: <86bede85-b8ea-68d6-3400-fb27e29993ed@gmail.com> Date: Wed, 10 Oct 2018 10:28:57 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <528E66BA.30002@redhat.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 15926 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) close 15926 stop (triaging old bugs) The original topic of using remove(2) call in rm(1) was decided to be undesirable. Starting at around the 33rd message [1] the thread diverges into bugs in "rm -rf ." and similar problems (which are resolved by the 221st message [2]. [1] https://bugs.gnu.org/15926#33 [2] https://bugs.gnu.org/15926#221 I'm therefore closing this item (it is already marked as "not a bug", relating to the original request). We typically write "discussion can continue by replying to this thread", but in this case I think it should not be encouraged. If there are further issues with "rm", please do start a new thread (if it's a bug - to bug-coreutils@gnu.org ; if a feature request - to coreutils@gnu.org ). regards, - assaf From unknown Thu Jun 19 16:21:27 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org 
From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Thu, 08 Nov 2018 12:24:06 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator
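The LD_PRELOAD safeguard Eric Blake describes in the thread above, as an added example (not the coreutils test or its shim): a replacement unlinkat() that refuses every deletion, plus the sanity check that proves the guard is active before anything dangerous is attempted. The names `guard_sanity_check` and `guard_blocked_calls`, the probe file name and the build file names are assumptions made for this sketch.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, not the coreutils shim. For real use, build it as a shared
   object and preload it (file names are placeholders):
     gcc -shared -fPIC -o guard.so guard.c
     LD_PRELOAD=./guard.so rm -r file dir */

static int blocked_calls;   /* deletions the guard has refused so far */

/* Same prototype as libc's unlinkat(). Callers that reach unlinkat() through
   dynamic symbol lookup bind to this definition first, so nothing is removed. */
int unlinkat(int dirfd, const char *pathname, int flags)
{
    (void)dirfd;
    blocked_calls++;
    fprintf(stderr, "guard: refused unlinkat(\"%s\", %s)\n", pathname,
            (flags & AT_REMOVEDIR) ? "AT_REMOVEDIR" : "0");
    errno = EPERM;
    return -1;
}

int guard_blocked_calls(void) { return blocked_calls; }

/* Sanity check to run FIRST: create a scratch file in dir, try to delete it
   through unlinkat(), and see whether it is still there.
   Returns 1 if the file survived (guard active), 0 if it was deleted
   (guard bypassed, so the dangerous test must be skipped), -1 if the
   scratch file could not be created. */
int guard_sanity_check(const char *dir)
{
    char path[4096];
    struct stat st;

    snprintf(path, sizeof path, "%s/guard-probe-XXXXXX", dir);
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    close(fd);
    int rc = unlinkat(AT_FDCWD, path, 0);
    int survived = (rc == -1 && errno == EPERM && stat(path, &st) == 0);
    unlink(path);   /* clean up through a call the guard does not replace */
    return survived;
}
```

A result of 0 from the check corresponds to the case in the message where the tool has moved to a different deletion call and the guard no longer covers it.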