> Author: feld (ports committer)
> Date: Tue Feb  6 21:35:41 2018
> New Revision: 328951
> URL: https://svnweb.freebsd.org/changeset/base/328951
> 
> Log:
>   Refactor cleanvar to remove shell expansion vulnerability
>   
>   If any process creates a directory named "-P" in /var/run or
>   /var/spool/lock it will cause the purgedir function to start to rm -r /.
>   
>   Simplify a lot of complicated shell logic by leveraging find(1).
>   
>   Reviewed by:        allanjude
>   MFC after:  3 days
>   Differential Revision:      https://reviews.freebsd.org/D13778

Please be careful about the use of binaries from /usr/bin in
/etc/rc.d. In this case it is probably OK, since /usr
has been mounted by the time cleanvar runs, but that is not
always the case.


> Modified:
>   head/etc/rc.d/cleanvar
> 
> Modified: head/etc/rc.d/cleanvar
> ==============================================================================
> --- head/etc/rc.d/cleanvar    Tue Feb  6 21:01:38 2018        (r328950)
> +++ head/etc/rc.d/cleanvar    Tue Feb  6 21:35:41 2018        (r328951)
> @@ -19,34 +19,6 @@ stop_cmd=":"
>  extra_commands="reload"
>  reload_cmd="${name}_start"
>  
> -purgedir()
> -{
> -     local dir file
> -
> -     if [ $# -eq 0 ]; then
> -             purgedir .
> -     else
> -             for dir
> -             do
> -             (
> -                     cd "$dir" && for file in .* *
> -                     do
> -                             # Skip over logging sockets
> -                             [ -S "$file" -a "$file" = "log" ] && continue
> -                             [ -S "$file" -a "$file" = "logpriv" ] && 
> continue
> -                             [ ."$file" = .. -o ."$file" = ... ] && continue
> -                             if [ -d "$file" -a ! -L "$file" ]
> -                             then
> -                                     purgedir "$file"
> -                             else
> -                                     rm -f -- "$file"
> -                             fi
> -                     done
> -             )
> -             done
> -     fi
> -}
> -
>  cleanvar_prestart()
>  {
>       # These files must be removed only the first time this script is run
> @@ -58,14 +30,17 @@ cleanvar_prestart()
>  cleanvar_start()
>  {
>       if [ -d /var/run -a ! -f /var/run/clean_var ]; then
> -             purgedir /var/run
> +             # Skip over logging sockets
> +             find /var/run \( -type f -or -type s ! -name log -and ! -name 
> logpriv \) -delete
>               >/var/run/clean_var
>       fi
>       if [ -d /var/spool/lock -a ! -f /var/spool/lock/clean_var ]; then
> -             purgedir /var/spool/lock
> +             find /var/spool/lock -type f -delete
>               >/var/spool/lock/clean_var
>       fi
> -     rm -rf /var/spool/uucp/.Temp/*
> +     if [ -d /var/spool/uucp/.Temp ]; then
> +             find /var/spool/uucp/.Temp -delete
> +     fi
>  }
>  
>  load_rc_config $name
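Review bot: `find /var/spool/uucp/.Temp -delete` applies -delete to the starting point as well, so unlike the replaced `rm -rf /var/spool/uucp/.Temp/*` it removes the .Temp directory itself once its contents are gone; `find /var/spool/uucp/.Temp -mindepth 1 -delete` keeps the directory while still removing the dotfiles the old glob never matched. In the /var/run branch, `-type f -or -type s` only deletes regular files and sockets, whereas the removed purgedir's `rm -f -- "$file"` unlinked every non-directory entry, so stale symlinks and FIFOs in /var/run now survive a boot; if that narrowing is deliberate it deserves a comment next to the existing "Skip over logging sockets" one, otherwise adding `-or -type l -or -type p` inside the parentheses restores the old coverage. The `! -name log` / `! -name logpriv` tests match the basename at any depth, which mirrors purgedir's per-directory check, so that part is behaviour-preserving.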
> 
> 

-- 
Rod Grimes                                                 rgri...@freebsd.org