Subject: Re: CVS commit: src/usr.bin/find
To: Perry E. Metzger <>
From: SODA Noriyuki <>
List: tech-userlevel
Date: 02/09/2007 03:41:19
>>>>> On Thu, 08 Feb 2007 13:37:11 -0500,
      "Perry E. Metzger" <> said:

>>> How does the rm option introduce a security problem?
>> People may depend on the fact that current "-rm" implementation is
>> secure against the symlink race.
>> And introduction of the correct "-rm" implementation may break
>> the people's assumption.  That's a security risk.

> The logic here is amazingly tortured. I can't agree with it. I'd go so
> far as to say that it is pretty much nonsense.

How do you think this is nonsense?
Could you explain the reason to me?

> There is nothing "-rm" is harming so urgently that demands that we
> remove it instantly instead of taking a while and thinking about
> it. It is barely ten bytes of code and we're no where near to a
> release. If you are willing to discuss altering the code in good faith
> I'll talk about that, but there is no reason to remove the existing
> option before then.

Even if the point iii. is actually nonsense, how do you think about the
point i. and ii.?

Also, you haven't shown the reason why the incorrect "-rm" implemention
has to remain in the tree.  Could you explain the reason?