Re: CVS commit: src/usr.bin/find

SODA Noriyuki <sodasra.co.jp> writes:
>>>>>> On Thu, 08 Feb 2007 12:37:15
-0500,
>       "Perry E. Metzger" <perrypiermont.com> said:
>
>>>> I'd be happy enough with "-rm"
should do what people expect and
>>>> "-delete" can stay as it is,
though I would prefer that both do what
>>>> people expect.
>>> 
>>> I'm confused.
>>> Do you agree with the option 3?  Or disagree
with it?
>
>> I don't want us to remove anything right now. 
>
> Why?
> If I understand correctly, you agree that current
implementation of
> the "-rm" option is not what you want.

It is close enough and I'd rather fix things than get into a
situation
where we argue about whether the option is ever coming back
again.

> As far as I can tell, removing the "-rm"
option harms nothing.
> On the other hand, leaving the current "-rm"
option introduces
> security problem as I said.

How oes the rm option introduce a security problem?

>> I'd like us to fix things so everything does what
users would
>> expect, both documentation and code.
>
> At least current "-rm" implementaion is
incorrect.
> So what we can do now is to remove the "-rm"
option.

I do not want to see the option removed.

Perry

On Thu, Feb 08, 2007 at 01:00:14PM -0500, Perry E. Metzger
wrote:
[...]
> > As far as I can tell, removing the "-rm"
option harms nothing.
> > On the other hand, leaving the current
"-rm" option introduces
> > security problem as I said.
> 
> How oes the rm option introduce a security problem?

Why do you think -delete is paranoid?

> >> I'd like us to fix things so everything does
what users would
> >> expect, both documentation and code.
> >
> > At least current "-rm" implementaion is
incorrect.
> > So what we can do now is to remove the
"-rm" option.
> 
> I do not want to see the option removed.

In the over 10 years FreeBSD had -delete, they didn't feel
the need to
grow a -rm option.  I say, back out -rm now and continue
this appealing
discussion in 10 years.

-- 
Quentin Garnier - cubecubidou.net - cubeNetBSD.org
"You could have made it, spitting out benchmarks
Owe it to yourself not to fail"
Amplifico, Spitting Out Benchmarks, Hometakes Vol. 2,
2005.

>>>>> On Thu, 08 Feb 2007 13:00:14 -0500,
      "Perry E. Metzger" <perrypiermont.com> said:

> It is close enough and I'd rather fix things than get
into a situation
> where we argue about whether the option is ever coming
back again.

The problems are:
 i.  The consensus for the necessity of the -rm option is
not yet made.
   Certain people are objecting the -rm option.
 ii. If the consensus is "no", having -rm option
in the tree causes
     incompatible change (i.e. removing a feature that
people may already
     depend on it.)
iii. Even if the consensus is "yes", there is
still security risk below.

On the other hand, removing "-rm" for now harms
nothing.

>> As far as I can tell, removing the "-rm"
option harms nothing.
>> On the other hand, leaving the current
"-rm" option introduces
>> security problem as I said.

> How oes the rm option introduce a security problem?

People may depend on the fact that current "-rm"
implementation is
secure against the symlink race.
And introduction of the correct "-rm"
implementation may break
the people's assumption.  That's a security risk.
-- 
soda