Worm/Passwords

John Chambers jc at minya.UUCP
Mon Nov 21 02:48:13 AEST 1988


In article <466 at yarra.oz.au>, cm at yarra.oz.au (Charles Meo) writes:
> In article <672 at quintus.UUCP> ok at quintus.UUCP (Richard A. O'Keefe) writes:
> > In article <125 at embossed.UUCP> ron at embossed.UUCP (Ron Elliott) writes:
> >>	4) Many of you talk about the thousands of hours lost due to 
> >>	   the Morris Worm.  How about something like "rm *" ?  How many
> >>	   hours have been lost over the last 15 years over that 
> >>	   bug-feature?  Yes, I know the workarounds, and have installed
> >>	   them.  How come though Un*x vendors still haven't issued fixed
> >>	   rm's or even discussed the matter in their documentation?  Or
> >>	   even supplied the workarounds in their distribution?

Once again, it's time to mention the dark side of modifying rm:  Lots of
applications need a way to unconditionally remove files, and for scripts,
rm is the tool of choice.  If the user runs a script, do you really want
the user to be forced to verify that it is OK to remove all the script's
/tmp files?  I've seen it happen, and many users don't consider that to
be particularly user-friendly.

Let me put it another way:  What is needed is two file-deletion commands,
one for ordinary users (that holds their hand, warns them of potential
disasters, and so on), and one as a "system" tool that simply deletes
a file and doesn't try to play games.

This is sort of along the lines of pointing out that, just because
children will hurt themselves if you let them play with knives or
matches, that doesn't mean you get rid of knives or matches.  You
put them in a safe place.  You give the children safe scissors and 
no matches.  But the adults know where the dangerous tools are and
can get them when needed.

I've added a user-friendly file-delete command (with names like "Rm" or
"del" or "rem" :-) to lots of Unix systems.  But changing "rm" isn't the 
way.  The original function of "rm" was to be a simple "just get rid of 
it and don't bug me" command.

The main problem is that, if you provide a "safe" file-delete command
under a different name, most users just go on using the "rm" command
(which the book says is "the Unix command to remove a file", so it's 
what you use, right?), and ignore the safe one.  There's a partial 
solution to that.  Put your new command in a new directory, such as 
/com/rm or something like that, and set up new users so that it is 
first in their search path.  They can then use "rm" to their heart's 
content, and they'll get the safe one.  System programmers who need
sharp knives can put /bin first in their scripts' path, and get the 
real "rm".  Experienced users know how to change their search path.

Why is this a partial answer?  Well, there are lots of scripts around
that just blindly use their caller's path, and they'd get the safe "rm",
thus harassing users with questions as to whether they really want to
remove /tmp/xa012237a, /tmp/xa012237b, /tmp/xa012237c, /tmp/xa012237d,
and so on.

Anyone got a better solution?  (Yeah, I know, rewrite all those @#$!@#
scripts.  I said "a better solution".  Maybe we could rewrite all the
intro-to-Unix books so they don't mention "rm". ;-)

-- 
John Chambers <{adelie,ima,maynard,mit-eddie}!minya!{jc,root}> (617/484-6393)

[Any errors in the above are due to failures in the logic of the keyboard,
not in the fingers that did the typing.]
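
The search-path arrangement described in the message above, as an added example that is not part of the original post. It builds a throwaway sandbox showing which "rm" a path lookup finds, and why a script that inherits its caller's path ends up prompting while one that pins /bin first does not. The sandbox layout, file names and function names are assumptions; "$sb/com" stands in for the post's /com directory.

```shell
#!/bin/sh
# Added illustration, not from the post. Directory names, file names and
# function names are assumptions; "$sb/com" stands in for the post's /com.

# Build a throwaway sandbox and print its path.
make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir "$sb/com"
    # Confirming wrapper named "rm": pins its own PATH so it reaches the real rm.
    cat > "$sb/com/rm" <<'EOF'
#!/bin/sh
PATH=/bin:/usr/bin; export PATH
for f in "$@"; do
    printf 'remove %s? ' "$f" >&2
    read -r answer || answer=n
    case $answer in y*|Y*) rm -- "$f" ;; esac
done
EOF
    # A script that blindly uses its caller's PATH.
    printf '#!/bin/sh\nrm "$1"\n' > "$sb/inherit.sh"
    # A script that puts /bin first, as the post suggests for system scripts.
    printf '#!/bin/sh\nPATH=/bin:/usr/bin; export PATH\nrm "$1"\n' > "$sb/pinned.sh"
    chmod +x "$sb/com/rm" "$sb/inherit.sh" "$sb/pinned.sh"
    printf '%s\n' "$sb"
}

# Print the rm that a command search finds under the PATH given as $1.
which_rm() { ( PATH=$1; command -v rm ); }

# Run script $2 on file $3 as a new user would: wrapper directory first in
# PATH, and the user answering "n" to any prompt. $1 is the sandbox.
run_as_user() {
    ( PATH="$1/com:/bin:/usr/bin"; export PATH; echo n | "$2" "$3" ) 2>/dev/null
}

# Print "kept" or "removed" for a scratch file after script $2 tried to delete it.
outcome() {
    f="$1/scratch.$$"; : > "$f"
    run_as_user "$1" "$2" "$f"
    if [ -e "$f" ]; then echo kept; rm -f "$f"; else echo removed; fi
}

# Usage: sb=$(make_sandbox); outcome "$sb" "$sb/inherit.sh"; outcome "$sb" "$sb/pinned.sh"
```

The inheriting script's deletion becomes conditional on an answer from whoever is at the terminal, which is the harassment the post describes; the pinned script behaves the same no matter how the caller's path is ordered.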


