Path: utzoo!utgpu!watmath!clyde!ima!minya!jc From: jc@minya.UUCP (John Chambers) Newsgroups: comp.unix.wizards Subject: Re: Worm/Passwords Message-ID: <135@minya.UUCP> Date: 20 Nov 88 16:48:13 GMT References: <22401@cornell.UUCP> <4627@rayssd.ray.com> <8563@rpp386.Dallas.TX.US> <466@yarra.oz.au> Organization: (none) Lines: 61 In article <466@yarra.oz.au>, cm@yarra.oz.au (Charles Meo) writes: > In article <672@quintus.UUCP> ok@quintus.UUCP (Richard A. O'Keefe) writes: > > In article <125@embossed.UUCP> ron@embossed.UUCP (Ron Elliott) writes: > >> 4) Many of you talk about the thousands of hours lost due to > >> the Morris Worm. How about something like "rm *" ? How many > >> hours have been lost over the last 15 years over that > >> bug-feature.? Yes, I know the workarounds, and have installed > >> them. How come though Un*x venders still havn't issued fixed > >> rm's or even discuss the matter in their documentation? Or > >> even supplied the workarounds in their distribution? Once again, it's time to mention the dark side of modifying rm: Lots of applications need a way to unconditionally remove files, and for scripts, rm is the tool of choice. If the user runs a script, do you really want the user to be forced to verify that it is OK to remove all the script's /tmp files? I've seen it happen, and many users don't consider that to be particularly user-friendly. Let me put it another way: What is needed is two file-deletion commands, one for ordinary users (that holds their hand, warns them of potential disasters, and so on), and one as a "system" tool that simply deletes a file and doesn't try to play games. This is sort of along the lines of pointing out that, just because children will hurt themselves if you let them play with knives or matches, that doesn't mean you get rid of knives or matches. You put them in a safe place. You give the children safe scissors and no matches. But the adults know where the dangerous tools are and can get them when needed. I've added a user-friendly file-delete command (with names like "Rm" or "del" or "rem" :-) to lots of Unix systems. But changing "rm" isn't the way. The original function of "rm" was to be a simple "just get rid of it and don't bug me" command. The main problem is that, if you provide a "safe" file-delete command under a different name, most users just go on using the "rm" command (which the book says is "the Unix command to remove a file", so it's what you use, right?), and ignore the safe one. There's a partial solution to that. Put your new command in a new directory, such as /com/rm or something like that, and set up new users so that it is first in their search path. They can then use "rm" to their heart's content, and they'll get the safe one. System programmers who need sharp knives can put /bin first in their scripts' path, and get the real "rm". Experienced users know how to change their search path. Why is this a partial answer? Well, there are lots of scripts around that just blindly use their caller's path, and they'd get the safe "rm", thus harassing users with questions as to whether they really want to remove /tmp/xa012237a, /tmp/xa012237b, /tmp/xa012237c, /tmp/xa012237d, and so on. Anyone got a better solution? (Yeah, I know, rewrite all those @#$!@# scripts. I said "a better solution". Maybe we could rewrite all the intro-to-Unix books so they don't mention "rm". ;-) -- John Chambers <{adelie,ima,maynard,mit-eddie}!minya!{jc,root}> (617/484-6393) [Any errors in the above are due to failures in the logic of the keyboard, not in the fingers that did the typing.]