Subject: Re: kern/1043: unlink(2) should not let superuser remove directories
To: None <jtk@kolvir.blrc.ma.us>
From: Peter da Silva <peter@bonkers.taronga.com>
List: netbsd-bugs
Date: 05/14/1995 20:32:07
> That's an argument for using fsdb, not to let root run rampant causing
> file system corruption.  Using fsdb makes it absolutely clear that
> you're intentionally doing something dangerous.  Using unlink(2) on
> directories is just the _Wrong Way_ to fix a damaged/broken filesystem!

If that's the only thing wrong with the file system, I'd rather use link
and unlink and clri and fsck than dive into fsdb... and I've been doing
this for fifteen years. Fsdb will let you totally screw your filesystem
to the point where you have to reinstall faster than you can say Jack
Robinson. Fsdb is a tool of last resort, like using adb on a running
kernel (which I've done too, now that I think of it). Link and unlink
take some effort to produce that level of brokenness... because they work
through the file system, and won't *create* half-broken inodes if there
aren't any there already.

In any case, I have real strong philosophical problems with removing the
ability of root to do *anything*... not just link and unlink directories.

Yes, we have symlinks now. Yes, 99% of the time you don't want to do that.
Yes, you can create inconsistent directory structures this way... but as
far as I'm concerned you might as well issue a patch that prevents you
from creating files and directories with control characters or shell
metacharacters in them.
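What the call under discussion actually does today can be checked directly. The program below is an added example, not code from the PR or from either poster: it creates a scratch directory (the /tmp template is an assumption), asks the kernel to unlink(2) and link(2) it, and reports the errno each call returns. On Linux unlink(2) on a directory fails with EISDIR for everyone, root included, and link(2) on a directory fails with EPERM; POSIX permits EPERM for unlink(2) as well, which is what 4.4BSD-derived kernels report. The helper functions return the errno rather than printing it so the result can be checked programmatically.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if path exists and is a directory, else 0. */
static int is_directory(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 && S_ISDIR(st.st_mode);
}

/* Make a scratch directory, call unlink(2) on it and return the errno the
 * kernel hands back (0 means the kernel let the unlink through).
 * *still_exists is set to 1 if the directory survived the call.
 * The /tmp template is an assumption for this example. */
int try_unlink_directory(int *still_exists)
{
    char path[] = "/tmp/unlink-dir-XXXXXX";
    int saved;

    if (mkdtemp(path) == NULL)
        return -1;                      /* could not even set up the test */

    errno = 0;
    saved = (unlink(path) == 0) ? 0 : errno;

    *still_exists = is_directory(path);
    if (*still_exists)
        rmdir(path);                    /* the sanctioned way to remove it */
    return saved;
}

/* Same experiment for link(2): try to give a directory a second name and
 * return the resulting errno (0 if the kernel created the hard link). */
int try_link_directory(int *link_created)
{
    char path[] = "/tmp/link-dir-XXXXXX";
    char alias[sizeof path + 6];
    int saved;

    if (mkdtemp(path) == NULL)
        return -1;
    snprintf(alias, sizeof alias, "%s-alias", path);

    errno = 0;
    saved = (link(path, alias) == 0) ? 0 : errno;

    *link_created = is_directory(alias);
    if (*link_created)
        unlink(alias);                  /* only reachable on a permissive kernel */
    rmdir(path);
    return saved;
}

int main(void)
{
    int survived = 0, aliased = 0;
    int e;

    e = try_unlink_directory(&survived);
    printf("unlink(2) on a directory: %s (directory %s)\n",
           e == 0 ? "succeeded" : strerror(e),
           survived ? "still exists" : "is gone");

    e = try_link_directory(&aliased);
    printf("link(2) on a directory:   %s (alias %s)\n",
           e == 0 ? "succeeded" : strerror(e),
           aliased ? "was created" : "was not created");
    return 0;
}
```

Run it as an unprivileged user and again as root: on Linux both runs print EISDIR and EPERM respectively, which is exactly the restriction kern/1043 asks for. A kernel that still honours the old superuser exception would print "succeeded" for the root run and leave the directory's link count wrong, which is the state fsck has to clean up afterwards.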