Subject: Re: kern/1043: unlink(2) should not let superuser remove directories
To: None <netbsd-bugs@NetBSD.ORG>
From: Christos Zoulas <christos@deshaw.com>
List: netbsd-bugs
Date: 05/12/1995 02:19:50
In article <199505120110.LAA05397@nemeton.com.au> giles@nemeton.com.au (Giles Lean) writes:
>
>On Thu, 11 May 1995 16:20:07 -0700  John Kohl wrote:
>
>
>> >Number:         1043
>> >Category:       kern
>> >Synopsis:       root can unlink directories, causing FS corruption
>
>This is historical practice.  It is definitely dangerous, but
>occasionally handy to fix filesystem corruptions.  (Which I haven't
>seen on NetBSD, mind you, but hardware errors and sudden loss of
>power can happen to anyone.)
>
>If you remove this functionality then the ability for the superuser
>to link directories should also go, and a filesystem debugger should
>be provided.
>
>Perl users will recognise that unlinking directories is considered
>'unsafe' and you have to give the -U flag for these operations to
>be enabled.  Other utilities have even more stringent restrictions.
>

I agree with that.
How about if we don't set the clean flag in those cases? And do the
same when a running executable gets unlinked?

christos