Jump to content

CCleaner delete bug - follows symbolic links in Recycle Bin

tmeatl

By tmeatl
in CCleaner Bug Reporting

 Share

Recommended Posts

tmeatl

tmeatl

Posted
Posted

Discovered that if you create a symbolic directory link to another location using the mklink /d command, then delete that symbolic link so that it goes to the Windows Recycle Bin, CCleaner will delete the actual files that the symbolic link points to.

 

Example steps to reproduce, using a NAS located at \\nas. Be sure you are okay with deleting files in the network location specified!

  1. Create a symbolic directory link to a network location using the mklink command: mklink /d c:\nastest \\nas\docs
  2. Delete the symbolic link directory c:\nastest. Send it to the Windows Recycle Bin
  3. Run CCleaner, either by right clicking the Recycle Bin and choosing "Run CCleaner", or by opening the program and Analyzing/Running.
  4. Watch all your files located in \\nas\docs disappear before your very eyes!

The files are not deleted when you execute a standard Windows empty Recycle Bin command, so this bug is limited to CCleaner's activity.

Link to comment
Share on other sites
Alan_B

Alan_B

Posted
Posted

PLEASE DO NOT FIX THIS DESIRABLE FEATURE :)

 

Or if it is fixed please make it optional.

 

Microsoft first stated that deleting a Reparse Point would NOT delete the destination.

Google found complaints from people that believed them and lost files as a result.

Google cannot find Microsoft's original statements - I am guessing "Take Down Notices" were issued.

 

Microsoft then, and now, advised that ACLs should be applied to reparse points to protect the destination.

I think Windows 7 has well over 40 different reparse points and they have a wide and varied range of access restrictions.

 

I now have all my Firefox Profiles routed via Reparse Points to a non-system partition,

and CCleaner happily cleans those profiles just the same as if they were in C:\.

 

My daily incremental backup partition image file is about 50 MB as a result of Windows constantly twitching and tweaking itself.

Before I re-routed the Firefox Profiles the daily image file was 150 MB due to the various *.sqlite files being updated each day.

 

Microsoft make it the responsibility of the user to provide ACL restrictions if they wish to protect the destination of a reparse point,

and this this be the first consideration of any user who adds their own reparse point.

 

N.B. Reparse Points for XP compatibility make a pigs ear out of Windows 7

An old XP application may install on Windows 7 and use Reparse points at "C:\Documents and Settings\..." to reach "C:\Users\..."

and what gets written to the old XP location is rerouted to the correct place in W7

but trying to delete ready for a clean update gets blocked by Microsoft ACL's - on some reparse points but not others.

I had much grief with BAT scripts written by XP users to uninstall Comodo Security.

On W7 some XP routes were not protected from deletion but other routes were protected.

Link to comment
Share on other sites
tmeatl

tmeatl

Posted
  • Author
Posted

AlanB,

 

I'm not suggesting that CCleaner not follow symbolic links that you've created and are using in place of normally located directories, such as your Firefox profiles. They should be transparent to applications and handled only at the OS level. The OS will hand you off to the "real" folder, but as far as the application is concerned, the data is where it originally went to look. That's just basically how symbolic links work, and that is fine.

 

What I'm reporting is a problem where, if you delete a symbolic link and send it to the Recycle Bin, CCleaner will actually follow the links within the Recycle Bin when clearing it out. They shouldn't be treated as symbolic links to follow when they are in a trash can; they should be considered as something similar to a shortcut file on your desktop. If you delete the shortcut and subsequently empty out the Recycle Bin to permanently delete it, you wouldn't want that action to actually delete your program's executable the shortcut was pointing to.

 

Setting ACLs on the symbolic link destinations to protect them from accidental deletion is not a solution to these kinds of problems. It's basically suggesting that you mark everything as read only so you don't accidentally delete anything, ever.

 

Also, developers/moderators, thanks for considering this. :)

Link to comment
Share on other sites
Alan_B

Alan_B

Posted
Posted

Hope this does get fixed. I hate the thought that the simple art of cleaning the recycle bin would cause CCleaner (in certain circumstances) to delete the files that are referenced, instead of just what's in the bin!

I think this only happens if :-

The reparse point is in the recycle bin ;

and the reparse point ACL's permit deletion via the reparse point ;

and may also depend on what version of Windows.

 

I believe also you would be forewarned before disaster if you Analysed and inspected the results before actually cleaning.

Link to comment
Share on other sites
Alan_B

Alan_B

Posted
Posted

If you delete the shortcut and subsequently empty out the Recycle Bin to permanently delete it, you wouldn't want that action to actually delete your program's executable the shortcut was pointing to.

 

Setting ACLs on the symbolic link destinations to protect them from accidental deletion is not a solution to these kinds of problems. It's basically suggesting that you mark everything as read only so you don't accidentally delete anything, ever.

 

Also, developers/moderators, thanks for considering this. :)

A desktop shortcut is totally different, it is nothing like the a symbolic link.

 

Neither Microsoft nor I suggest setting the ACL's of symbolic link destinations.

It is the only the symbolic link itself which needs its individual ACL's set in order that the destination contents be protected.

You can still delete a file on a chosen path by using the DIRECT path,

even though the Reparse Route path may restrict you to Read Only access.

 

From Wikipedia

http://en.wikipedia....junction_point.

Microsoft strongly recommends:[4]

    • Use NTFS ACLs to protect junction points from inadvertent deletion.
    • Use NTFS ACLs to protect files and directories targeted by junction points from inadvertent deletion or other file system operations.
    • Never delete a junction point using Explorer, a del /s command, or other file system utilities that walk recursively into directory trees. These utilities will affect the target directory and all subdirectories. Instead, use the utilities described below to delete junction points.
    • Use caution when applying ACLs or changing file compression in a directory tree that includes NTFS Junction Points.
    • Do not create namespace cycles with NTFS or DFS junction points.
    • Place all junction points at a secure location in a namespace where they can be tested safely, and other users will not mistakenly delete them or walk through them.

    [*]Obscure: There are issues relating to junction points on Windows 2000 domain controllers & certain Active Directory files.[5]

 

See also the following links from when I researched CACLS for use on XP Home :-

http://support.microsoft.com/kb/162786

http://www.techrepub...ws-acls/1050976

http://www.computerp...ities/cacls.htm

 

I counted about 24 different combinations of access with CACLS, e.g. whether a file can be :-

read ;

written to ;

deleted ;

 

With Windows 7 the preferred tool is iCacls and I have not tried counting its combinations

 

Alan

Link to comment
Share on other sites
  • 2 weeks later...
  • 2 months later...
gggirlgeek

gggirlgeek

Posted
Posted

Just happened to me. I know you're trying hard to fix it. Thanks!

 

Using Ccleaner 3.11, Win7 Sp1 32bit, LinkShellExtension to create the reparse points.

 

I created a Junction in C:\Program Files to P:\My Data, then delelted it. I did this again with a symbolic link. (C:\ and P:\ are on different hard drives). Everything seemed fine -- programs running from the P drive still exsisted for a few more days.

 

Several days later, I did a normal Ccleaner file cleanup and then rebooted. When Windows started all of my files in P:\My Data were gone! (Recovered some of it with Recuva, but a lot of work was lost.)

 

I have done every virus scan feasible, scoured the Event Viewer, and retraced all of my steps. Everything keeps coming back to the moment I deleted the junction and sym link from the recycle bin with Ccleaner. I am positive it followed one of the links and deleted my folder.

 

I know I was stupid not to backup, and even more stupid not to check what was being cleaned-up, but I often delete videos, so a large recycle bin is normal. I'm quite savvy with Ccleaner so it took me by surprise. I also let Ccleaner run unattended every week with MyDefrag. Scary!

 

I've never had a problem with a reparse point deleting the linked files from the recycle bin before, but I will definitely do some testing after this.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept