On Mon, Nov 4, 2019 at 4:16 PM Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > > On 11/1/19 5:27 AM, Nicolas Iooss wrote: > > libselinux/src/exception.sh creates a file named "-.o". This file is > > usually removed at the end of this script, but some failures in it could > > left it on the filesystem. "make clean" is then supposed to remove this > > file, but fails instead with: > > > > rm: invalid option -- '.' > > Try 'rm ./-.o' to remove the file '-.o'. > > Try 'rm --help' for more information. > > > > This is due to "rm -f *.o" being expanded to "rm -f -.o". Prevent this > > buggy expansion by using "./*.o" in the command line. While at it, do so > > for other patterns like "*~". > > Does any other software package use this idiom for clean? I haven't > seen it. I'm wondering if we aren't better off doing any/all of the > following: > > 1) Fix exception.sh to not create files starting in "-", > 2) Fix our clean targets to only delete explicitly generated object file > lists; some of them at least already have $(OBJS) $(LOBJS) so why do we > need the extra wildcard? > 3) Maybe use $(wildcard ...)? The only over software that use "./*..." or "rm -- *..." are those which handle directories with "untrusted content", ie. with files whose names may be created by an attacker. Such as threat model is not applicable on a build management system, which is why only few projects use ./* or "rm --" in "make clean". Therefore I agree with considering that creating a file starting with "-" is a bug. I will send a patch to fix exception.sh (by adding "-o temp.o" to some commands). Thanks for your feedback. Nicolas
