From 342c1e079401a7b0174ba0bb6b4c4cbc9839e9e3 Mon Sep 17 00:00:00 2001
From: peter
Date: Fri, 4 Oct 1996 12:54:07 +0000
Subject: Implement a -delete option to find.

The code is extremely paranoid and goes to a fair degree of trouble to enable something like this to be safe:

    cd /tmp && find . -mtime +7 -delete

It removes both files and directories. It does not attempt to remove immutable files (an earlier version I showed to a few people did a chflags and tried to blow away even immutable files. Too risky..)

It is thought to be safe because it forces the fts(3) driven descent to only do "minimal risk" stuff. specifically, -follow is disabled, it does checking to see that it chdir'ed to the directory it thought it was going to, it will *not* pass a pathname with a '/' character in it to unlink(), so it should be totally immune to symlink tree races. If it runs into something "fishy", it bails out rather than blunder ahead.. It's better to do that if somebody is trying to compromise security rather than risk giving them an opportunity. Since the unlink()/rmdir() is being called from within the current working directory during the tree descent, there are no fork/exec overheads or races.

As a side effect of this paranoia, you cannot do a "find /somewhere/dir -delete", as the last argument to rmdir() is "/somewhere/dir", and the checking won't allow it. Besides, one would use rm -rf for that case anyway. :-)

Reviewed by: pst (some time ago, but I've removed the immutable file deletion code that he complained about since he last saw it)

--- usr.bin/find/option.c | 1 + 1 file changed, 1 insertion(+) (limited to 'usr.bin/find/option.c') diff --git a/usr.bin/find/option.c b/usr.bin/find/option.c index 66596c3..c316d4a 100644 --- a/usr.bin/find/option.c +++ b/usr.bin/find/option.c
@@ -60,6 +60,7 @@ static OPTION const options[] = { { "-and", N_AND, NULL, O_NONE }, { "-atime", N_ATIME, c_atime, O_ARGV }, { "-ctime", N_CTIME, c_ctime, O_ARGV }, + { "-delete", N_DELETE, c_delete, O_ZERO }, { "-depth", N_DEPTH, c_depth, O_ZERO }, { "-exec", N_EXEC, c_exec, O_ARGVP }, { "-follow", N_FOLLOW, c_follow, O_ZERO }, -- cgit v1.1
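Review bot: The new `-delete` row in `options[]` names `c_delete` and `N_DELETE`, but neither is defined in the lines shown (the view is limited to usr.bin/find/option.c), so every safety property the message relies on (disabling -follow, verifying the chdir landed where expected, refusing any pathname containing '/') has to be reviewed in `c_delete` and the matching execution function, not here. Because the entry is `O_ZERO` and takes no argument, it is worth confirming that a `-follow` given after `-delete` on the command line cannot re-enable link following, since the table places the two as independent rows. The row is inserted in alphabetical position between `-ctime` and `-depth`; if the option lookup depends on that ordering, a comment at the top of the table stating so would keep later additions from breaking it. The user-visible restriction described in the message, that `find /somewhere/dir -delete` is refused, should also be stated in the manual page so the bail-out is not mistaken for a bug.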