Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 4 Apr 2018 17:00:18 +0000 (UTC)
From:      Kyle Evans <kevans@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r332038 - stable/11/etc/rc.d
Message-ID:  <201804041700.w34H0Ipd019280@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: kevans
Date: Wed Apr  4 17:00:18 2018
New Revision: 332038
URL: https://svnweb.freebsd.org/changeset/base/332038

Log:
  MFC r328951: Refactor cleanvar to remove shell expansion vulnerability
  
  If any process creates a directory named "-P" in /var/run or
  /var/spool/lock it will cause the purgedir function to start to rm -r /.
  
  Simplify a lot of complicated shell logic by leveraging find(1).

Modified:
  stable/11/etc/rc.d/cleanvar
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/etc/rc.d/cleanvar
==============================================================================
--- stable/11/etc/rc.d/cleanvar	Wed Apr  4 16:59:10 2018	(r332037)
+++ stable/11/etc/rc.d/cleanvar	Wed Apr  4 17:00:18 2018	(r332038)
@@ -19,34 +19,6 @@ stop_cmd=":"
 extra_commands="reload"
 reload_cmd="${name}_start"
 
-purgedir()
-{
-	local dir file
-
-	if [ $# -eq 0 ]; then
-		purgedir .
-	else
-		for dir
-		do
-		(
-			cd "$dir" && for file in .* *
-			do
-				# Skip over logging sockets
-				[ -S "$file" -a "$file" = "log" ] && continue
-				[ -S "$file" -a "$file" = "logpriv" ] && continue
-				[ ."$file" = .. -o ."$file" = ... ] && continue
-				if [ -d "$file" -a ! -L "$file" ]
-				then
-					purgedir "$file"
-				else
-					rm -f -- "$file"
-				fi
-			done
-		)
-		done
-	fi
-}
-
 cleanvar_prestart()
 {
 	# These files must be removed only the first time this script is run
@@ -58,14 +30,17 @@ cleanvar_prestart()
 cleanvar_start()
 {
 	if [ -d /var/run -a ! -f /var/run/clean_var ]; then
-		purgedir /var/run
+		# Skip over logging sockets
+		find /var/run \( -type f -or -type s ! -name log -and ! -name logpriv \) -delete
 		>/var/run/clean_var
 	fi
 	if [ -d /var/spool/lock -a ! -f /var/spool/lock/clean_var ]; then
-		purgedir /var/spool/lock
+		find /var/spool/lock -type f -delete
 		>/var/spool/lock/clean_var
 	fi
-	rm -rf /var/spool/uucp/.Temp/*
+	if [ -d /var/spool/uucp/.Temp ]; then
+		find /var/spool/uucp/.Temp -delete
+	fi
 }
 
 load_rc_config $name

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201804041700.w34H0Ipd019280>