tmpfiles: R! /dir/.* destroys root

[jsynacek]

Do NOT run the reproducer without a proper backup and/or on a production system!

How to reproduce:

1. # mkdir -p /foo/dir{1,2}
2. # touch /foo/.bar{1,2}
3. # cat /etc/tmpfiles.d/test.conf
R! /foo/.* - - - - -
4. Reboot.

Note the dot in the glob. When either using r!, or removing the dot and using R!, the bug doesn't reproduce.

[poettering]

I am not sure I'd consider this much of a problem. Yeah, it's a UNIX pitfall, but "rm -rf /foo/.*" will work the exact same way, no?

[jsynacek]

No, not on Fedora 24 at least.

[louiz]

no?

No

http://pubs.opengroup.org/onlinepubs/9699919799/utilities/rm.html#tag_20_111_16

The rm utility is forbidden to remove the names dot and dot-dot in order to avoid the consequences of inadvertently doing something like:

rm -r .*

[csirac2]

Here's the regression tests in coreutils https://github.com/coreutils/coreutils/blob/e7a2580b96370da03c4d3553ccdf4ee66a14c6a4/tests/rm/r-4.sh#L39 which includes the rm -rf .//// case.

[rysiekpl]

For some people it's advisable to never miss a chance to stay silent.

Debian:

root@5afb081909c8:/# mkdir /foo/
root@5afb081909c8:/# rm -rf /foo/.*
rm: refusing to remove '.' or '..' directory: skipping '/foo/.'
rm: refusing to remove '.' or '..' directory: skipping '/foo/..'

Ubuntu:

root@b5d54715a834:/# mkdir /foo/
root@b5d54715a834:/# rm -rf /foo/.*
rm: refusing to remove '.' or '..' directory: skipping '/foo/.'
rm: refusing to remove '.' or '..' directory: skipping '/foo/..'

Busybox:

/ # mkdir /foo/
/ # rm -rf /foo/.*
rm: can't remove '.' or '..'
rm: can't remove '.' or '..'

It took a whole of 5mins to test all of these.

I find it particularly interesting since the comment I am referring to has been made after the issue has been solved already. Way to highlight how little consideration is being given to issues reported by systemd users. Bodes well for the whole project!..

[thelounge-zz]

I am not sure I'd consider this much of a problem.

shocking to hear

Yeah, it's a UNIX pitfall, but "rm -rf /foo/.*" will work the exact same way, no?

no, and you REALLY should know that as many others do or AT LEAST test it before pretend such nonsense - frankly, that below is not something theoretical, i do that for many years to get /tmp/ really empty

[root@testserver:/tmp]$ rm -rf .
./ ../ .font-unix/ .ICE-unix/ .Test-unix/ .X11-unix/ .XIM-unix/
[root@testserver:/tmp]$ rm -rf .*
rm: Entfernen von '.' Verzeichnis '..' nicht möglich: '.' wird übersprungen
rm: Entfernen von '.' Verzeichnis '..' nicht möglich: '..' wird übersprungen

[thelounge-zz]

and look how others see it as "much of a problem" when something by accident kills the whole OS - and yes i am terrible angry by that comment which shows something of an bad attitude

[root@testserver:~]$ rm -rf /
rm: it is dangerous to operate recursively on '/'
rm: use --no-preserve-root to override this failsafe