Windows delete command can fail silently (seen in comp.risks)


Michael Bednarek
10-06-2005, 08:29 AM
From comp.risks (5 Oct 2005):

>Date: Mon, 03 Oct 2005 16:48:33 +0400
>From: Diomidis Spinellis <dds@...>
>Subject: Windows delete command can fail silently
>
>In the Windows XP command interpreter CMD.EXE (the default command line
>shell) one can specify multiple arguments to the DEL(ete) command, in order
>to delete multiple files. If at least one of the files can be deleted, the
>command will not complain about any nonexistent files specified as
>arguments. For example:
>
>C:\> echo.>foo
>C:\> del nonexistent foo
>C:\> del nonexistent
>Could Not Find C:\nonexistent
>
>This behavior is non-orthogonal and risky. If one mistypes the name of one
>of several files that are to be deleted, that file will silently continue to
>exist. The same will happen if one of the files has the hidden attribute
>set: DEL will silently ignore it, rather than issue an error message.
>Although one should not depend on a delete command to reliably obliterate
>data, the current behavior can lead to difficult-to-locate bugs, especially
>in scripts.
>
>Further examination of the command reveals other instances of non-orthogonal
>behavior. When specifying multiple non-existent files as arguments, DEL
>will complain only about the first one, but when specifying multiple files
>with the read-only attribute set, DEL will complain about each one. Also,
>DEL never sets the ERRORLEVEL environment variable to indicate an error,
>although other commands, like DIR, set it correctly.
>
>The logic behind a correctly-operating implementation of DEL is trivial.
>
>errorlevel = 0
>foreach filename
>    if not delete(filename) then
>        display_error_message(filename)
>        errorlevel = 1
>    end if
>end foreach
>exit(errorlevel)
>
>If a central and critical piece of the Windows operating system, such as the
>command shell, can't get the above logic right, what are the chances of
>having in the system a secure TCP/IP stack, web browser, or firewall?
>
>Diomidis Spinellis - http://www.spinellis.gr

--
Michael Bednarek http://mbednarek.com/ "POST NO BILLS"
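The per-file logic from the quoted pseudocode, written out as an added Python example (not part of the original post, and not Microsoft's code). The names `delete_all` and `demo` are hypothetical, and the `foo` / `nonexistent` files are constructed in a scratch directory to replay the post's `del nonexistent foo` case.

```python
import os
import sys
import tempfile


def delete_all(paths, err=sys.stderr):
    """Attempt every path; return (exit_status, failed_paths)."""
    failed = []
    for path in paths:
        try:
            os.remove(path)
        except OSError as exc:
            # Missing file, read-only file, directory, permission problem:
            # each one is reported, not only the first.
            print(f"cannot delete {path}: {exc.strerror or exc}", file=err)
            failed.append(path)
            continue
        # Post-condition check: a quiet return is not proof of deletion.
        if os.path.lexists(path):
            print(f"still present after delete: {path}", file=err)
            failed.append(path)
    # Non-zero status if any argument failed, so calling scripts can test it.
    return (1 if failed else 0), failed


def demo():
    """Replay 'del nonexistent foo' against constructed files."""
    with tempfile.TemporaryDirectory() as tmp:
        foo = os.path.join(tmp, "foo")
        missing = os.path.join(tmp, "nonexistent")
        open(foo, "w").close()
        status, failed = delete_all([missing, foo])
        names = [os.path.basename(p) for p in failed]
        return status, names, os.path.exists(foo)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(delete_all(sys.argv[1:])[0])
    print(demo())
```

Unlike the DEL behaviour described in the post, the mistyped name is reported even though the other file was deleted, and the exit status is non-zero.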