Web lists-archives.com

Re: [bug] coreutils: potentially dangerous: $(realpath //) != /




On Mon, 12 Mar 2018 20:43:13 -0500
Eric Blake <...> wrote:

> Furthermore, you need to realize that GNU coreutils 'rm' already has 
> special logic (permitted by POSIX) such that 'rm -rf /' fails unless you 
> use --no-preserve-root ('rm -rf /*' unfortunately does not trigger the 
> special logic, only an attempt to directly remove the root directory is 
> flagged - but you're also forgetting that /* does not necessarily list 
> all files under /, thanks to hidden files, and that 'rm -rf "$dir"' is 
> always better than 'rm -rf "$dir"/*' if you are worried about hidden 
> files in $dir and/or command-line length limits due to the glob 
> expansion of *).
> 
I don't know what this is for, but nevertheless,
thank you for your efforts to eliminate of illiteracy among readers...

> Just because Linux has taken the stance that their documented definition 
> of // is "synonym for /" does NOT mean that ALL POSIX systems have taken 
> the same approach; Cygwin has taken the approach that "// is documented 
> to be the root of network access points, distinct from /".
> 
> POSIX allows leeway between implementations; this is one of those 
> documented places where they differ, yet are still both POSIX compliant 
> with their different choices.  If your script is not robust to what 
> POSIX has already warned you about, fix your script.
> 
> > and, as a consequence, I should avoid the case where
> > somewhere in a bash script evaluating of some variable would lead to one of
> > the following command to execute:
> > rm -rf /*
> > rm -rf //*
> > rm -rf ///*
> > rm -rf ////*
> > that all do the very same thing in Linux.
> 
> 3 of the 4 do the same thing on ALL POSIX platforms.  The only one that 
> has implementation-defined behavior is 'rm -rf //*', which is different 
> on systems where // is distinct (such as Cygwin).  All the other 
> spellings (attempt) to remove all non-hidden files from the root directory.
> 
If you really claims that Cygwin may and should be different and distinct from all other
existing POSIX systems (the more so that it is allowed by POSIX),
then it would probably be more obvious and clear to say this at the very begining, e.g.
"Get that Linux feeling (with all those differents and distinctions) - on Windows"

> Use of // in Linux is already on shaky ground, given that POSIX has 
> already declared it to be implementation-defined.
Shaky ground? There must be some good reasons (beyond the declaration of such an abstarct
possibility) that it should to be done differently than it has been so far.


-- 

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple