[tor-talk] Not comfortable with the new single-hop system merged into Tor
Alec Muffett
alec.muffett at gmail.com
Thu Dec 22 07:50:38 UTC 2016
On 22 December 2016 at 05:50, Jim <jimmymac at copper.net> wrote:
> Alec Muffett wrote:
>
> Otherwise, go work out how to ban "rm -rf /" - first.
>>
>
> That has actually been addressed in a number of places.
>
> Reference: https://en.wikipedia.org/wiki/Rm_(Unix)
>
> Sun Microsystems introduced "rm -rf /" protection in Solaris
> 10, first released in 2005.
I know. Check my resume, I worked at Sun, and I was literally part of that
discussion.
We decided that although you could detect someone doing something wilfully
dumb (rm -rf /) you could not, because of shell expansion, not block
something very, very similar (rm -rf /*)
We chose the mitigation to be the lightest possible block against
stupidity, akin to what Tor are doing with "you have to enable two options
to prove that you really, really mean to do this".
The OP's concerns were not frivolous.
I concur, they are not frivolous, but they were/are perceived
disproportionately, with consequent over-mitigation being proposed.
But from other posts on this thread it is obvious (IMHO) the developers
> have given this issue the attention it deserved.
Agreed.
- alec
--
http://dropsafe.crypticide.com/aboutalecm
More information about the tor-talk
mailing list