On Thu, 27 Sep 2007 20:27:56 +0900 Daichi GOTO <daichi_at_freebsd.org> wrote: > >> We have created safety expansion for rm(1). If you have any > >> interests, please try follow patch. > >> > >> http://people.freebsd.org/~daichi/safety-rm/ > > And unusual commands like chflags I just suppose are no much > point in this case. What is important is that adding mistake > protecting functions into common commands like rm(1) itself. Perhaps the solution is not general enough: rm(1) is but one program using the unlink(2) syscall. Why not protect unlink(2) itself by wrapping it into a function that does all this checking that you're putting into safety-rm right now? Users who want to protect themselves could then dynamically link this unlink-wrapper into all their applications. When an application calls unlink(2), that call will be diverted to unlink(3), the wrapper. Ideally, users should have a generic way to wrap syscalls (or other dynamic library calls) with a program similar to env(1), let's call it wrap(1). A call to wrap(1): $ wrap lib1 lib2 lib3 ... prog would dynamically relink prog in such a way that it uses objects taken from lib1, lib2, lib3 ... instead of the libraries it is already linked to against. To protect unlink(2) in a shell session, one could then write an unlink(3) wrapper into a library libsafe_unlink.so, and invoke the shell like: $ wrap safe_unlink /bin/sh Now, every call to unlink(2) (be it from /bin/sh - that's easy, or from all their children - that's the hard part), would call the unlink(3) from this library wrapper libsafe_unlink.so That would be really useful, not only in the unlink(2) case. You could do all kinds of stuff with that, like profiling, instrumenting etc... Of course, there's already libmap.conf(5), but it would be nice to have something that's not limited to root, and that could be used more dynamically, as in wrap(1). Thanks, -cpghost. -- Cordula's Web. http://www.cordula.ws/Received on Thu Sep 27 2007 - 11:51:34 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:18 UTC