mutt_unlink overwrites file to be unlinked

To: mutt-dev@xxxxxxxx
Subject: mutt_unlink overwrites file to be unlinked
From: Philipp Weis <pweis@xxxxxxxxx>
Date: Fri, 2 Apr 2010 16:09:07 -0400
List-post: <mailto:mutt-dev@mutt.org>
List-unsubscribe: send mail to majordomo@mutt.org, body only "unsubscribe mutt-dev"
Sender: owner-mutt-dev@xxxxxxxx
User-agent: Mutt/1.5.20 (2009-06-14)

Hi,

while looking into http://dev.mutt.org/trac/ticket/3261, I discovered
that mutt_unlink in lib.c does not only performs some checks and
unlinks a file, it also overwrites every bit in the file with zeros.
The relevant code has been in the repository since revision 0, and
there are no comments to explain what's going on.

As a consequence of this, the unlink code fails if it called on a
read-only file, as happened with a first fix for the above bug. The
ugly fix for that now is to change file permission before calling
mutt_unlink.

Presumably there are some security considerations, but I honestly
don't see why it would make sense to go as far put all zeros in the
file. This doesn't necessarily do anything (think of copy-on-write
filesystems), and also comes with a performance penalty on large
files. Am I missing something here?

I'd like to change mutt_unlink so that it simply doesn't write all the
zeros.

Philipp

Prev by Date: Re: [Mutt] #3261: mutt should open attachment as read-only file for external viewer
Next by Date: Re: [Mutt] #3391: g key feedback the same as r
Previous by thread: Re: [PATCH] manual.xml.head: Add example to editor description.
Next by thread: [Mutt] #3400: mailto url support should be documented
Index(es):
- Date
- Thread