Commit Graph

105 Commits

Author SHA1 Message Date
gjb
5f63f50572 MFC r268376 (imp):
rm -rf can fail sometimes with an error from fts_read. Make it
  honor fflag to ignore fts_read errors, but stop deleting from
  that directory because no further progress can be made.

  When building a kernel with a high -j value on a high core count
  machine, during the cleanobj phase we can wind up doing multiple
  rm -rf at the same time for modules that have subdirectories. This
  exposed this race (sometimes) as fts_read can return an error if
  the directory is removed by another rm -rf. Since the intent of
  the -f flag was to ignore errors, even if this was a bug in
  fts_read, we should ignore the error like we've been instructed
  to do.

Approved by:	re (kib)
Sponsored by:	The FreeBSD Foundation
2014-10-01 16:18:40 +00:00
eadler
18ab525779 Add two more 'static' qualifiers 2013-04-26 17:56:35 +00:00
eadler
b49ea837d6 Take some improvements from DragonFlyBSD:
- add const where appropriate
	- add static where appropriate
	- fix a whitespace issues

Reviewed by:	brooks
Obtained from:	DragonFlyBSD
MFC After:	1 week
2013-04-26 17:45:40 +00:00
eadler
d2cd9ce7fa Add -x option to avoid crossing mount points when removing a hierarchy.
Discussed on:	-hackers
Inspired by:	DragonflyBSD
MFC After:	1 week
2013-04-26 17:45:37 +00:00
joel
2ba67e203a Add a few examples.
Obtained from:	OpenBSD
2013-03-15 20:12:54 +00:00
mdf
8ce8b3ae17 Fix bin/ build with a 64-bit ino_t.
Original code by:	Gleb Kurtsou
2012-09-27 23:31:12 +00:00
delphij
0dbfe1d7aa Polish previous revision: if the fts_* routines have lstat()'ed the
directory entry then use the struct stat from that instead of doing
it again, and skip the rm_overwrite() call if fts_read() indicated
that the entry couldn't be a regular file.

Obtained from:	OpenBSD
MFC after:	1 week
2012-06-20 21:10:38 +00:00
kevlo
592e847dfe Fix potential symlink race condition in "rm -P" by adding a check
that the file we have opened is the one we expected.  Also open in
non-blocking mode to avoid a potential hang with FIFOs.

Obtained from:	NetBSD via OpenBSD
2012-06-20 02:21:53 +00:00
ed
f58d00c87a Put some static keywords in the source code.
For these simple utilities, it doesn't harm to make all global variables
static. In fact, this allows the compiler to perform better forms of
optimisation and analysis.
2011-10-31 08:59:17 +00:00
jilles
2a22eeb6a2 bin: Prefer strrchr() to rindex().
This removes the last index/rindex usage from /bin.
2011-03-15 22:22:11 +00:00
uqs
4d0f9c6e02 Fix typo and grammar nit
Submitted by:	arundel
MFC after:	7 days (or when the bikeshed has abated)
2010-10-31 19:16:54 +00:00
uqs
da8e054ad1 Elaborate some more on the non-security implications of using -P
Submitted by:	delphij
Discussion at:	svn-src-all
2010-10-31 09:21:27 +00:00
des
6181f4e8f1 Language cleanup. 2010-10-27 18:48:23 +00:00
uqs
d6b49c1347 rm(1): clarify that -P works only when blocks are updated in-place
Suggested by:	pjd, ivoras, arundel
2010-10-08 15:20:20 +00:00
delphij
327370f2cc Clarify the combination effect of -P and -f to make it clear.
Submitted by:	arundel
MFC after:	2 weeks
2010-10-04 06:17:45 +00:00
jilles
9e52569907 rm, find -delete: fix removing symlinks with uchg/uappnd set.
Formerly, this tried to clear the flags on the symlink's target
instead of the symlink itself.

As before, this only happens for root or for the unlink(1) variant of rm.

PR:		bin/111226 (part of)
Submitted by:	Martin Kammerhofer
Approved by:	ed (mentor)
MFC after:	3 weeks
2009-05-30 10:42:19 +00:00
imp
3eec96d6db Implement ^T support for rm: now it will report the next file it
removes when you hit ^T.  This is similar to what's done for cp.  The
signal handler and type definitions for "info" were borrowed directly
from cp.
2009-04-29 18:08:18 +00:00
ru
59b8e8a6d2 Give a hint to the reader as to what the "whiteout" actually means. 2006-12-26 13:57:40 +00:00
ru
9b2078d255 Fix markup, add the EXIT STATUS section. 2006-12-26 13:44:41 +00:00
delphij
7af07c0c57 Correct a security issue introduced in previous commit:
instead of removing the file and issue a warning about
the removal, do not do any operation at all in case -P
is specified when the dinode has hard links.

With -f and -P specified together, we assume that the
user wants rm to overwrite the contents of the file
and remove it (destroy the contents of file but leave
its hard links as is).

The reason of doing it this way is that, in case where
a hard link is created by a malicious user (currently
this is permitted even if the user has no access to the
file).  Losing the link can potentially mean that the
actual owner would lose control completely to the user
who wants to obtain access in a future day.

Discussed with:	Peter Jermey
2006-10-31 02:22:36 +00:00
delphij
633d73890b Be more reasonable when overwrite mode is specified while there
is hard links.  Overwritting when links > 1 would cause data
loss, which is usually undesired.

Inspired by:	discussion on -hackers@
Suggested by:	elessar at bsdforen de
Obtained from:	OpenBSD
2006-10-30 03:32:09 +00:00
maxim
065ac6f82d o Backout rev. 1.55. Don't waste cpu cycles for bzero(), do not
call chflags() for whiteouted files.

Prodded by:	ru
2006-10-18 13:16:06 +00:00
maxim
ebbb5a2544 o Zero out struct stat before usage. lstat(2) can fail and
leave garbage there which will break -W code path.

PR:		bin/84569
Submitted by:	Igor
MFC after:	2 weeks
2006-10-18 08:22:33 +00:00
maxim
d01f82209e o Be pedantic and do fts_close() when done.
PR:		bin/95292
Submitted by:	Charles Hardin
Obtained from:	NetBSD via OpenBSD, PR
2006-04-15 09:26:23 +00:00
ru
6bbac1a76d -mdoc sweep. 2005-11-17 12:15:23 +00:00
dougb
1a601e1eb1 Give .Dd a tummy rub, forgotten on my last commit. 2005-09-30 02:12:15 +00:00
dougb
a6ef64df7a Handle the case where the -P flag is specified for a read-only file
earlier, and more gracefully. Previously, this combination would be
ignored early in the code where permissions are tested and fail later
with a very unhelpful "permission denied" error.

Instead, test for this flag in the same block that generates the
"override?" messages for read-only files, but instead of trying
to guess what the user has in mind, generate an error and exit.

Update the man page to reflect this new behavior.

Not objected to by:	freebsd-hackers@
2005-09-29 20:40:29 +00:00
ru
978b8f7f1d Sync program's usage() with manpage's SYNOPSIS. 2005-02-09 17:37:39 +00:00
delphij
32d71c2dd4 Remove unnecessary SRCS= where could be guessed directly by our
bsd.*.mk infrasture.

Obtained from:	ru
2005-01-27 14:52:47 +00:00
ru
ffd9fd4c0e Add the new standard EXIT STATUS section where appropriate.
Sort standard sections in the (documented) preferred order.
2005-01-16 16:41:59 +00:00
imp
a76898b849 /*- or .\"- or #- to begin license clauses. 2005-01-10 08:39:26 +00:00
jkh
619b5d9b02 UNIX conformance: If -r -f on non-existent directory, don't emit error. 2004-11-13 04:07:01 +00:00
delphij
3705c45967 Correct a typo and make the documentation more mdoc(7) complaint.
Pointed out by:	dd
Approved by:	murray (mentor)
2004-11-01 16:52:34 +00:00
delphij
169dc919b8 Add -I, an option that asks for confirmation once if recursively
removing directories or if more than 3 files are listed in the
command line.

This feature is intended to provide a safe net but not being too
annoying like having "rm -i" for every deleting operations, and
is generally good for both newbies and power users, preventing
them from being so easily run into ``rm -rf /'', ``rm -rf *''
and so forth.

Originally implemented by Matthew Dillon for DragonFly, plus
some improvements done by various DragonFly contributors.

Approved by:	murray (mentor; the original dillon's version)
Discussed with:	des
Obtained from:	DragonFly's bin/rm/
		rm.c rev. 1.4 - 1.8
		rm.1 rev. 1.3 - 1.4
MFC After:	1 month
2004-10-28 08:25:30 +00:00
des
d6b7bd90c2 The previous commit added code to rm(1) to warn about and remove any
occurrences of "/" in the argument list.  This corresponds to Enhancement
Request Number 5 in the Austin Group TC2 Aardvark's XCU Defects Report
(<URL:http://www.opengroup.org/austin/aardvark/finaltext/xcubug.txt>).
Further discussion is available in the Austin Group mailing list archives
(<URL:http://www.opengroup.org/austin/mailarchives/>, "Defect in XCU rm")
and for Austin Group members, in the Austin Group Interpretations archive
(<URL:http://www.opengroup.org/austin/interps/>, AI-019)

This commit makes that check conditional on !POSIXLY_CORRECT, since it
is not strictly correct according to the current version of the standard
(but is expected to be correct according to the next version, and has
already been adopted by Solaris).
2004-10-04 19:24:28 +00:00
des
7b077f5960 Markup fixes.
Pointed out by:	ru
2004-10-04 19:03:44 +00:00
des
b6f24c61ed Find out how flame-proof my underwear really is. 2004-10-04 11:26:01 +00:00
des
9ccc4fa11b Whitespace cleanup. 2004-10-04 11:14:12 +00:00
ru
d40c857e0d Mechanically kill hard sentence breaks. 2004-07-02 21:04:19 +00:00
markm
4383f14801 Remove clause 3 from the UCB licenses.
OK'ed by:	imp, core
2004-04-06 20:06:54 +00:00
kuriyama
bbd000ecdd o Fix a style bug and poor wording in comment.
o When fts_read() cannot stat the file, it can't be unlinked.  At
  that case, don't display error message when -f flag is used.

Obtained from:	bde
PR:		kern/16815, bin/35842
Reported by:	kuriyama, Aleksandr A. Babaylov <.@babolo.ru>
2004-01-01 10:26:43 +00:00
guido
9e1c15152d When the P flag is set (i.e. Overwrite regular files before deleting them),
do only unlink the file if we could indeed overwrite the file.
Old behaviour: rm -P /tmp/foo (foo mode 0444) would NOT overwrite foo,
but still delete it (with a warning: rm: foo: Permission denied)
New behaviour: Just the EPERM warning, but no deletion

Reviewed by:	bde
2003-11-10 09:40:18 +00:00
bde
5b6accf9d9 1. Fixed leakage of a file descriptor for every non-fatal failure in
rm_overwrite() (for rm -P).

2. Print the file name in the error message for (fatal) malloc() failures
   in rm_overwrite().  I first thought that malloc() failures should be
   non-fatal since they don't prevent proceeding the the next file, but
   making them non-fatal would normally give too much output for rm -Pr
   on a large tree in the unlikely event that even one occurs, since the
   malloc()ed amounts are usually the same.  Just print the file name since
   the malloc()ed amounts are not always the same and it doesn't hurt to
   know where rm was when it quit.

Submitted by:	guido ((1) and original version of (2))
2003-11-08 09:55:16 +00:00
obrien
eaf3fff90a Quiet warnings about copyright[]. 2003-05-01 16:58:57 +00:00
trhodes
370db79246 Cross ref chflags(1).
Suggested by:	Craig Carey <research@ijs.co.nz) on -doc.
2003-02-04 20:38:51 +00:00
trhodes
9618da3e35 s/filesystem/file system/ as discussed on -developers 2002-08-21 17:32:44 +00:00
sheldonh
eaeed7f0ff Revert previous delta, which is not required with rev 1.5 of
src/contrib/gcc/c-format.c .
2002-07-15 12:08:21 +00:00
tjr
1f5fc25e7a Complain if more than one file argument is given to unlink(1) like we did
before I made unlink use getopt().
2002-07-12 07:20:20 +00:00
sheldonh
aa9de7efae Set WFORMAT=0, because our compiler currently complains about NULL
arg 2 to err() and friends, and warnings are promoted to errors.

This allows the following revisions to be reverted:

	rev 1.39	src/bin/cp/cp.c
	rev 1.26	src/bin/chmod/chmod.c
	rev 1.40	src/bin/rm/rm.c

The following revisions can already be reverted, because they were
already covered by WFORMAT=0:

	rev 1.8		src/bin/ls/lomac.c
	rev 1.63	src/bin/ls/ls.c
	rev 1.8		src/bin/ps/lomac.c
	rev 1.34	src/bin/rcp/rcp.c
2002-07-11 08:45:38 +00:00
dillon
3adf63f81d err() is documented as allowing NULL for the format string but GCC isn't
happy about it any more so change the usage to make buildworld work again.
2002-07-10 20:44:55 +00:00