Re: removing garbarge in file system by inode number... (conclusion)

Horst von Brand (vonbrand@sleipnir.valparaiso.cl)
Mon, 01 Nov 1999 10:37:01 -0300

"Marty Leisner" <leisner@rochester.rr.com> said:
> Turned out it was my ftp directory and I got hacked (nothing happened).
> (It happened over a month ago, and my log got discarded...)
>
> Seems rm -rfv had problems dealing with it (I went into the bad directory
> and repeatedly wasn't able to accomplish anything).
>
> I had about 10 levels of directories, one of which was
> */bin/sh/*
>
> I had to remove them 1 at a time...(there must have been a bug
> in rm...suppose it was an ideal time to figure out what was wrong...)

rm(1) usually does a recursive call for handling -r (essentially a
postorder traversal), and this can run out of space. Rewriting it for no
recursion isn't fun, and not needed except for truly pathological cases,
which will blow up regardless. Besides, it will soon run out of maximal
filename length.

Better: Write a scripty that blows away one level, and then goes up one
level (..) to do the same. Start that one by descending into the "tree"s
bottom (miscreants usually just leave one long branch). Be careful on how
you stop...

-- 
Horst von Brand                             vonbrand@sleipnir.valparaiso.cl
Casilla 9G, Viņa del Mar, Chile                               +56 32 672616


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/