Commit Graph

42 Commits

Author SHA1 Message Date
wiz 8d21cba126 Fix typo. 2004-01-11 09:41:55 +00:00
tls f71666350e Adjust comment to indicate what this code is actually useful for, and that
it's not really "cheap".
2004-01-11 02:17:12 +00:00
tls e9e0ca4155 Change behaviour of -P option to conform generally to DoD 5220.22-M
standard.  This change inspired by Apple's "Secure Empty Trash" functionality
in MacOS 10.3.  However, it is important to understand that this change
does not -- and can not -- actually achieve conformance to the current
revision of the standard.  To quote the manual page:

     The -P option attempts to conform to U.S. DoD 5220-22.M, "National Indus-
     trial Security Program Operating Manual" ("NISPOM") as updated by Change
     2 and the July 23, 2003 "Clearing & Sanitization Matrix".  However,
     unlike earlier revisions of NISPOM, the 2003 matrix imposes requirements
     which make it clear that the standard does not and can not apply to the
     erasure of individual files, in particular requirements relating to spare
     sector management for an entire magnetic disk.  Because these
     requirements are not met, the -P option does not conform to the standard.

This also makes the -P option a *lot* more expensive than it used to be.
It used to overwrite with 0xff, overwrite with 0x00, overwrite with 0xff,
with an fsync after each write.  Now it overwrites with a random character,
overwrites with 0xff, overwrites with 0x00, reads to validate the 0x00
overwrite, then overwrites with random data -- calling sync() after every
operation in an attempt to force seeks that will clear the data from the
cache of disks that lie about whether data has been committed to the
platters.  Also, the file's opened with O_SYNC|O_RSYNC to cause metadata
updates on every read/write, which should cause still more seeks.

This is better than it used to be, but it's by no means adequate if you
have data you really don't want read by an adversary who can pull the
disk apart.
2004-01-11 02:04:05 +00:00
jschauma ad8530d1eb remove unused code left from printescaped() backput as pointed out by Jeff
Ito in PR bin/23969 and PR bin/23970.
2004-01-04 16:04:18 +00:00
jschauma 6a75fbb636 Following private discussion with kleink@ and hubertf@ and public discussion
on tech-userlevel@, back out printescaped() functionality.
kleink: ``We sell rope.''
2003-09-14 19:20:16 +00:00
itojun e1e0321817 use bounded string op 2003-08-13 02:51:20 +00:00
agc b5b2954259 Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22249, verified by myself.
2003-08-07 09:05:01 +00:00
jschauma 458ed23412 As discusses a little while back on tech-userlevel:
If stdout is a tty, use vis(3) to print any filenames to prevent garbage
from being printed if the filename contains control- or other non-printable
characters.

While here, sprinkle some EXIT_FAILURE and NOTREACHED where appropriate.
2003-08-04 22:31:21 +00:00
enami a663fd779c Remove space at the end of line. 2003-03-01 07:57:33 +00:00
jrf 1a7a1a2569 Note: Original change approved by Enami.
Accidentally left eval = 1 when I was adding the extension which caused the rm command to return a 1 when it successfully removed a directory. Thanks to tron for catching it.
2003-02-13 19:51:10 +00:00
jrf c271c1590b Added the -v flag. 2003-02-12 19:27:22 +00:00
enami 230caefde1 - Remove the last __P.
- Don't put space between function name and () op.
2002-11-05 04:49:05 +00:00
enami b0d6c27ed1 - Use four space to indent continuation line.
- Put a space after the C language keyword ``switch''.
- Put an empty line if a function doesn't have local variable.
- Use do { } while (/*CONSTCOND*/ 0) instead of { } to protect a multi
  statement macro
2002-05-02 13:25:09 +00:00
soren dc53bf3cba Sync getopt() / man page with actual getopt options. 2001-12-20 20:10:33 +00:00
jmc 440e119ba5 Patch from mycroft to fix case of rm -rf nonexistant on a r/o fs would still
report errors. Checking the fts_errno for ENOENT before attempting removal
fixes this.
2001-11-22 00:16:07 +00:00
wiz 0b11ad4584 ANSIfy, KNF, [gs]etprogname, by Petri Koistinen. 2001-09-16 21:24:54 +00:00
drochner 85cbf55d16 Since our gcc doesn't warn about NULL format strings anymore, we can
fix the incorrect err(1, "%s", "") et al.
Closes PR bin/7592 by cgd.
1999-11-09 15:06:30 +00:00
is b4d9cefaed Don't ask for permission to unlink a file if the access error is ETXTBSY.
This needs vfs_syscalls.c 1.138 to really work.
Fixes pr 4134 by Johan Danielsson.
1999-06-30 10:18:59 +00:00
mycroft ee9e50eacb Be more retentive about use of NOTREACHED and noreturn. 1998-07-28 11:41:40 +00:00
mycroft 9dc385beb1 Delint. 1998-07-28 05:31:22 +00:00
mycroft 29bf463dcb Delint. 1998-07-28 04:01:03 +00:00
kleink 88c27a6c44 Per 1003.2, no warnings shall be generated for attempts to remove non-existent
files in case the `-f' option has been specified:
Extend the definition of `non-existent' to include ENAMETOOLONG and ENOTDIR
cases, since file names failing with these errors can safely assumed to be
non-existent.  Fixes PR bin/2993.
1997-12-21 15:28:27 +00:00
christos 25b23032f5 Fix compiler warnings.
Add WARNS=1
1997-07-20 20:51:08 +00:00
jtc d943cdadce Sync with 4.4lite2 1995-09-07 06:42:58 +00:00
cgd 49f0ad8601 convert to new RCS id conventions. 1995-03-21 09:01:59 +00:00
mycroft 0155aa3b5e Mostly sync with CSRG. 1994-12-28 01:37:49 +00:00
jtc 1a6ccc3e14 Strip trailing slashes of operands in checkdot().
POSIX.2 requires that if "." or ".." are specified as the basename
portion of an operand, a diagnostic message be written to standard
error, etc.  We strip the slashes because POSIX.2 defines basename
as the final portion of a pathname after trailing slashes have been
removed.

This also makes rm "perform actions equivalent to" the POSIX.1
rmdir() and unlink() functions when removing directories and files,
even when they do not follow POSIX.1's pathname resolution semantics
(which require trailing slashes be ignored).
1994-11-02 16:17:14 +00:00
mycroft 9baa91f322 Merge with 4.4-Lite version. 1994-09-20 00:37:13 +00:00
jtc a1899e4c09 Fix bug where two messages were printed when a directory could not
be removed due to some error.
1994-03-16 17:49:40 +00:00
jtc bb2df5e351 The -f flag suppresses error messages and changes to the exit value if
a file specified on the command line does not exist.  This is the _only_
case where error messages/exit value are effected by the -f flag.
1994-01-28 20:02:54 +00:00
jtc d655636830 Change order of conditional so that a possible null pointer is not
dereferenced.  This case would only occur when stdin was not a tty.
Thanks to Dan Muntz for discovering this bug.
1993-11-29 22:39:19 +00:00
jtc 5f8699a3a2 Some minor fixes:
If all the arguments have a "." or ".." basename, the exit value should be
modified whether or not the -f flag was specified.
Don't exit if a file can not be read or there is another error (FTS_DNR or
FTS_ERR), there are probably other files that we can process successfully.
1993-11-16 23:59:17 +00:00
jtc c297d9d02d Check user's response against both 'Y' and 'y' --- this is really supposed
to be a locale specific regular expression.  This change hard codes POSIX
locale behavior, and will be replaced by a locale independant equivalent
as soon as locales are fully implemented.
1993-11-16 23:16:49 +00:00
jtc 70947c85e4 Don't ask about each directory twice when using -r and -i flags.
Exit value is not always zero when using -f flag, only if all files were
removed or non-existant.
1993-10-25 19:50:23 +00:00
jtc 8e3ded2bb0 Changed conditional from "iflag && check(...)" to "!fflag && check(...)".
Removed the !fflag from conditionals in check() ... the check function
is never executed if !fflag.
1993-10-25 19:28:19 +00:00
jtc 3f0d8565ab Changed so that rm without -r or -R is 1003.2 compliant --- I haven't
had time to look at the recursive code, but it probably has the same
types of problems.
Added code to set the default locale, so it will work correctly when
our locale code is more than just stubs.
Added prototypes, etc. to make gcc -Wall happier.
1993-10-25 19:12:51 +00:00
deraadt ec2040d768 change for new fts library 1993-08-05 23:59:25 +00:00
mycroft 8542364e07 Add RCS identifiers. 1993-08-01 18:49:50 +00:00
mycroft 315a228c77 Be silent if -f specified. 1993-04-10 00:57:03 +00:00
cgd 06be60083d changed "Id" to "Header" for rcsids 1993-03-23 00:22:59 +00:00
cgd 346aa5dd48 added rcs ids to all files 1993-03-22 08:04:00 +00:00
cgd 61f282557f initial import of 386bsd-0.1 sources 1993-03-21 09:45:37 +00:00