diff options
author | kevans <kevans@FreeBSD.org> | 2018-04-04 17:00:18 +0000 |
---|---|---|
committer | kevans <kevans@FreeBSD.org> | 2018-04-04 17:00:18 +0000 |
commit | 62fb9221966d3fc6e5d980e59ca673fbef5dad42 (patch) | |
tree | 640b1d3e33026e3dc5c9b3b29cab557fa1fd2f3a /etc | |
parent | 925513040636b5579d792cf38c7362899abc7103 (diff) | |
download | FreeBSD-src-62fb9221966d3fc6e5d980e59ca673fbef5dad42.zip FreeBSD-src-62fb9221966d3fc6e5d980e59ca673fbef5dad42.tar.gz |
MFC r328951: Refactor cleanvar to remove shell expansion vulnerability
If any process creates a directory named "-P" in /var/run or
/var/spool/lock it will cause the purgedir function to start to rm -r /.
Simplify a lot of complicated shell logic by leveraging find(1).
Diffstat (limited to 'etc')
-rwxr-xr-x | etc/rc.d/cleanvar | 37 |
1 files changed, 6 insertions, 31 deletions
diff --git a/etc/rc.d/cleanvar b/etc/rc.d/cleanvar index e60890d..fcfd365 100755 --- a/etc/rc.d/cleanvar +++ b/etc/rc.d/cleanvar @@ -19,34 +19,6 @@ stop_cmd=":" extra_commands="reload" reload_cmd="${name}_start" -purgedir() -{ - local dir file - - if [ $# -eq 0 ]; then - purgedir . - else - for dir - do - ( - cd "$dir" && for file in .* * - do - # Skip over logging sockets - [ -S "$file" -a "$file" = "log" ] && continue - [ -S "$file" -a "$file" = "logpriv" ] && continue - [ ."$file" = .. -o ."$file" = ... ] && continue - if [ -d "$file" -a ! -L "$file" ] - then - purgedir "$file" - else - rm -f -- "$file" - fi - done - ) - done - fi -} - cleanvar_prestart() { # These files must be removed only the first time this script is run @@ -58,14 +30,17 @@ cleanvar_prestart() cleanvar_start() { if [ -d /var/run -a ! -f /var/run/clean_var ]; then - purgedir /var/run + # Skip over logging sockets + find /var/run \( -type f -or -type s ! -name log -and ! -name logpriv \) -delete >/var/run/clean_var fi if [ -d /var/spool/lock -a ! -f /var/spool/lock/clean_var ]; then - purgedir /var/spool/lock + find /var/spool/lock -type f -delete >/var/spool/lock/clean_var fi - rm -rf /var/spool/uucp/.Temp/* + if [ -d /var/spool/uucp/.Temp ]; then + find /var/spool/uucp/.Temp -delete + fi } load_rc_config $name |