Subject: Re: CVS commit: src/usr.bin/find
To: SODA Noriyuki <firstname.lastname@example.org>
From: Perry E. Metzger <email@example.com>
Date: 02/08/2007 13:37:11
SODA Noriyuki <firstname.lastname@example.org> writes:
>> How does the rm option introduce a security problem?
> People may depend on the fact that current "-rm" implementation is
> secure against the symlink race.
> And introduction of the correct "-rm" implementation may break
> the people's assumption. That's a security risk.
The logic here is amazingly tortured. I can't agree with it. I'd go so
far as to say that it is pretty much nonsense.
There is nothing "-rm" is harming so urgently that demands that we
remove it instantly instead of taking a while and thinking about
it. It is barely ten bytes of code and we're no where near to a
release. If you are willing to discuss altering the code in good faith
I'll talk about that, but there is no reason to remove the existing
option before then.