Subject: Re: CVS commit: src/usr.bin/find
To: SODA Noriyuki <soda@sra.co.jp>
From: Perry E. Metzger <perry@piermont.com>
List: tech-userlevel
Date: 02/08/2007 13:37:11
SODA Noriyuki <soda@sra.co.jp> writes:
>> How does the rm option introduce a security problem?
>
> People may depend on the fact that current "-rm" implementation is
> secure against the symlink race.
> And introduction of the correct "-rm" implementation may break
> the people's assumption.  That's a security risk.

The logic here is amazingly tortured. I can't agree with it. I'd go so
far as to say that it is pretty much nonsense.

There is nothing "-rm" is harming so urgently that demands that we
remove it instantly instead of taking a while and thinking about
it. It is barely ten bytes of code and we're no where near to a
release. If you are willing to discuss altering the code in good faith
I'll talk about that, but there is no reason to remove the existing
option before then.

Perry