Subject: Re: CVS commit: src/usr.bin/find
To: Perry E. Metzger <>
From: SODA Noriyuki <>
List: tech-userlevel
Date: 02/09/2007 03:32:04
>>>>> On Thu, 08 Feb 2007 13:00:14 -0500,
      "Perry E. Metzger" <> said:

> It is close enough and I'd rather fix things than get into a situation
> where we argue about whether the option is ever coming back again.

The problems are:
 i.  The consensus for the necessity of the -rm option is not yet made.
   Certain people are objecting the -rm option.
 ii. If the consensus is "no", having -rm option in the tree causes
     incompatible change (i.e. removing a feature that people may already
     depend on it.)
iii. Even if the consensus is "yes", there is still security risk below.

On the other hand, removing "-rm" for now harms nothing.

>> As far as I can tell, removing the "-rm" option harms nothing.
>> On the other hand, leaving the current "-rm" option introduces
>> security problem as I said.

> How oes the rm option introduce a security problem?

People may depend on the fact that current "-rm" implementation is
secure against the symlink race.
And introduction of the correct "-rm" implementation may break
the people's assumption.  That's a security risk.