Umm, too late, I have just uploaded a new version of php5. Anyway, I have updated the script in git and it will be updated to your variant in some next upload.
O.

2011/5/14 Bob Proulx <[email protected]>:
> Hi Ondřej,
>
> Ondřej Surý wrote:
>> Hi Stephane,
>>
>> since you are the original reporter of the security bug in the cron.d
>> script, I would like to ask you for opinion on this bug.
>>
>> find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -cmin
>> +$(/usr/lib/php5/maxlifetime) -execdir sh -c 'C=$(fuser "$0"
>> 2>/dev/null | wc -w); [ "$C" -eq 0 ] && rm -f "$0"' {} \;
>>
>> I think that it is safe to change find command line in this way, but
>> more eyes see more.
>
> Note that adding 'fuser' to the cron script would add a new Depends:
> to php5-common on 'psmisc'.
>
> I think it is still safer to use the -delete option within find rather
> than an external rm. I also would like to reduce the number of
> external calls to as few as possible.
>
> I don't think the stderr of fuser should be discarded. If it is
> producing errors then this is something that should be found and
> addressed. Was there a particular case you were thinking of there?
>
> How about this?
>
> find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f \
>   -cmin +$(/usr/lib/php5/maxlifetime) \
>   -execdir sh -c 'test -z "$(fuser "$0")"' {} \; \
>   -delete
>
> Here only the exit code value of the execdir is being used to decide
> whether -delete should be invoked or not.
>
> Bob
>

--
Ondřej Surý <[email protected]>
http://blog.rfc1925.org/
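The gating described in the quoted proposal, where only the exit status of -execdir decides whether -delete runs, as an added example that is not part of the original thread. The -cmin age test is left out because a demo cannot backdate ctime; the file names, the use of fd 9 as the "holder", and the /proc fallback used when fuser (psmisc) is not installed are assumptions.

```shell
#!/bin/sh
# Added demo, not code from the thread. All file names are constructed.

# Test that -execdir runs for each candidate: exit 0 only when no process
# has "$0" open. Uses the fuser form from the thread when psmisc is present;
# otherwise scans /proc/*/fd (Linux-only fallback, an assumption).
if command -v fuser >/dev/null 2>&1; then
    CHECK='test -z "$(fuser "$0")"'
else
    CHECK='f=$(pwd -P)/${0#./}
for l in /proc/[0-9]*/fd/*; do
    [ "$(readlink "$l" 2>/dev/null)" = "$f" ] && exit 1
done
exit 0'
fi

# Sweeps a scratch directory and prints the names that survive.
sweep_demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/sess_idle"               # nobody has this one open
    : > "$dir/sess_busy"
    exec 9< "$dir/sess_busy"           # hold it open, like a live session

    # -delete is reached only when the -execdir test exits 0.
    find "$dir" -depth -mindepth 1 -maxdepth 1 -type f \
        -execdir sh -c "$CHECK" {} \; \
        -delete

    left=$(ls "$dir" | tr '\n' ' ')
    exec 9<&-                          # release the file
    rm -rf "$dir"
    printf '%s\n' "${left% }"
}
```

Calling `sweep_demo` prints `sess_busy`: the idle file is deleted and the one still held open is kept. With fuser installed its stderr is left visible, as the quoted message argues it should be.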

