Date: Tue, 6 Feb 2018 16:19:08 -0800 (PST) From: "Rodney W. Grimes" <freebsd@pdx.rh.CN85.dnsmgr.net> To: Mark Felder <feld@freebsd.org> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r328951 - head/etc/rc.d Message-ID: <201802070019.w170J8os018888@pdx.rh.CN85.dnsmgr.net> In-Reply-To: <201802062135.w16LZfLD020197@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> Author: feld (ports committer) > Date: Tue Feb 6 21:35:41 2018 > New Revision: 328951 > URL: https://svnweb.freebsd.org/changeset/base/328951 > > Log: > Refactor cleanvar to remove shell expansion vulnerability > > If any process creates a directory named "-P" in /var/run or > /var/spool/lock it will cause the purgedir function to start to rm -r /. > > Simplify a lot of complicated shell logic by leveraging find(1). > > Reviewed by: allanjude > MFC after: 3 days > Differential Revision: https://reviews.freebsd.org/D13778 Please be careful about use of binaries from /usr/bin in /etc/rc.d, though in this case it is probably ok as /usr has been mounted by the time cleanvar runs, that is not always the case. > Modified: > head/etc/rc.d/cleanvar > > Modified: head/etc/rc.d/cleanvar > ============================================================================== > --- head/etc/rc.d/cleanvar Tue Feb 6 21:01:38 2018 (r328950) > +++ head/etc/rc.d/cleanvar Tue Feb 6 21:35:41 2018 (r328951) > @@ -19,34 +19,6 @@ stop_cmd=":" > extra_commands="reload" > reload_cmd="${name}_start" > > -purgedir() > -{ > - local dir file > - > - if [ $# -eq 0 ]; then > - purgedir . > - else > - for dir > - do > - ( > - cd "$dir" && for file in .* * > - do > - # Skip over logging sockets > - [ -S "$file" -a "$file" = "log" ] && continue > - [ -S "$file" -a "$file" = "logpriv" ] && continue > - [ ."$file" = .. -o ."$file" = ... ] && continue > - if [ -d "$file" -a ! -L "$file" ] > - then > - purgedir "$file" > - else > - rm -f -- "$file" > - fi > - done > - ) > - done > - fi > -} > - > cleanvar_prestart() > { > # These files must be removed only the first time this script is run > @@ -58,14 +30,17 @@ cleanvar_prestart() > cleanvar_start() > { > if [ -d /var/run -a ! -f /var/run/clean_var ]; then > - purgedir /var/run > + # Skip over logging sockets > + find /var/run \( -type f -or -type s ! -name log -and ! -name logpriv \) -delete > >/var/run/clean_var > fi > if [ -d /var/spool/lock -a ! -f /var/spool/lock/clean_var ]; then > - purgedir /var/spool/lock > + find /var/spool/lock -type f -delete > >/var/spool/lock/clean_var > fi > - rm -rf /var/spool/uucp/.Temp/* > + if [ -d /var/spool/uucp/.Temp ]; then > + find /var/spool/uucp/.Temp -delete > + fi > } > > load_rc_config $name > > -- Rod Grimes rgrimes@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201802070019.w170J8os018888>