svn commit: r328951 - head/etc/rc.d

Tue, 06 Feb 2018 13:36:37 -0800 

Author: feld (ports committer)
Date: Tue Feb  6 21:35:41 2018
New Revision: 328951
URL: https://svnweb.freebsd.org/changeset/base/328951

Log:
  Refactor cleanvar to remove shell expansion vulnerability
  
  If any process creates a directory named "-P" in /var/run or
  /var/spool/lock it will cause the purgedir function to start to rm -r /.
  
  Simplify a lot of complicated shell logic by leveraging find(1).
  
  Reviewed by:  allanjude
  MFC after:    3 days
  Differential Revision:        https://reviews.freebsd.org/D13778

Modified:
  head/etc/rc.d/cleanvar

Modified: head/etc/rc.d/cleanvar
==============================================================================
--- head/etc/rc.d/cleanvar      Tue Feb  6 21:01:38 2018        (r328950)
+++ head/etc/rc.d/cleanvar      Tue Feb  6 21:35:41 2018        (r328951)
@@ -19,34 +19,6 @@ stop_cmd=":"
 extra_commands="reload"
 reload_cmd="${name}_start"
 
-purgedir()
-{
-       local dir file
-
-       if [ $# -eq 0 ]; then
-               purgedir .
-       else
-               for dir
-               do
-               (
-                       cd "$dir" && for file in .* *
-                       do
-                               # Skip over logging sockets
-                               [ -S "$file" -a "$file" = "log" ] && continue
-                               [ -S "$file" -a "$file" = "logpriv" ] && 
continue
-                               [ ."$file" = .. -o ."$file" = ... ] && continue
-                               if [ -d "$file" -a ! -L "$file" ]
-                               then
-                                       purgedir "$file"
-                               else
-                                       rm -f -- "$file"
-                               fi
-                       done
-               )
-               done
-       fi
-}
-
 cleanvar_prestart()
 {
        # These files must be removed only the first time this script is run
@@ -58,14 +30,17 @@ cleanvar_prestart()
 cleanvar_start()
 {
        if [ -d /var/run -a ! -f /var/run/clean_var ]; then
-               purgedir /var/run
+               # Skip over logging sockets
+               find /var/run \( -type f -or -type s ! -name log -and ! -name 
logpriv \) -delete
                >/var/run/clean_var
        fi
        if [ -d /var/spool/lock -a ! -f /var/spool/lock/clean_var ]; then
-               purgedir /var/spool/lock
+               find /var/spool/lock -type f -delete
                >/var/spool/lock/clean_var
        fi
-       rm -rf /var/spool/uucp/.Temp/*
+       if [ -d /var/spool/uucp/.Temp ]; then
+               find /var/spool/uucp/.Temp -delete
+       fi
 }
 
 load_rc_config $name
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to