svn commit: r328951 - head/etc/rc.d
Rodney W. Grimes
freebsd at pdx.rh.CN85.dnsmgr.net
Wed Feb 7 00:19:13 UTC 2018
> Author: feld (ports committer)
> Date: Tue Feb 6 21:35:41 2018
> New Revision: 328951
> URL: https://svnweb.freebsd.org/changeset/base/328951
>
> Log:
> Refactor cleanvar to remove shell expansion vulnerability
>
> If any process creates a directory named "-P" in /var/run or
> /var/spool/lock it will cause the purgedir function to start to rm -r /.
>
> Simplify a lot of complicated shell logic by leveraging find(1).
>
> Reviewed by: allanjude
> MFC after: 3 days
> Differential Revision: https://reviews.freebsd.org/D13778
Please be careful about the use of binaries from /usr/bin in
/etc/rc.d. In this case it is probably ok, as /usr has been
mounted by the time cleanvar runs, but that is not always
the case.
> Modified:
> head/etc/rc.d/cleanvar
>
> Modified: head/etc/rc.d/cleanvar
> ==============================================================================
> --- head/etc/rc.d/cleanvar Tue Feb 6 21:01:38 2018 (r328950)
> +++ head/etc/rc.d/cleanvar Tue Feb 6 21:35:41 2018 (r328951)
> @@ -19,34 +19,6 @@ stop_cmd=":"
> extra_commands="reload"
> reload_cmd="${name}_start"
>
> -purgedir()
> -{
> - local dir file
> -
> - if [ $# -eq 0 ]; then
> - purgedir .
> - else
> - for dir
> - do
> - (
> - cd "$dir" && for file in .* *
> - do
> - # Skip over logging sockets
> - [ -S "$file" -a "$file" = "log" ] && continue
> - [ -S "$file" -a "$file" = "logpriv" ] && continue
> - [ ."$file" = .. -o ."$file" = ... ] && continue
> - if [ -d "$file" -a ! -L "$file" ]
> - then
> - purgedir "$file"
> - else
> - rm -f -- "$file"
> - fi
> - done
> - )
> - done
> - fi
> -}
> -
> cleanvar_prestart()
> {
> # These files must be removed only the first time this script is run
> @@ -58,14 +30,17 @@ cleanvar_prestart()
> cleanvar_start()
> {
> if [ -d /var/run -a ! -f /var/run/clean_var ]; then
> - purgedir /var/run
> + # Skip over logging sockets
> + find /var/run \( -type f -or -type s ! -name log -and ! -name logpriv \) -delete
> >/var/run/clean_var
> fi
> if [ -d /var/spool/lock -a ! -f /var/spool/lock/clean_var ]; then
> - purgedir /var/spool/lock
> + find /var/spool/lock -type f -delete
> >/var/spool/lock/clean_var
> fi
> - rm -rf /var/spool/uucp/.Temp/*
> + if [ -d /var/spool/uucp/.Temp ]; then
> + find /var/spool/uucp/.Temp -delete
> + fi
> }
>
> load_rc_config $name
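Review bot: `find /var/spool/uucp/.Temp -delete` on the new side removes the `.Temp` directory itself once its contents are gone (-delete implies depth-first traversal, so the starting point is visited last and rmdir'd), whereas the removed `rm -rf /var/spool/uucp/.Temp/*` kept the directory in place; that is a behavior change the log message does not mention, and keeping the directory needs `find /var/spool/uucp/.Temp -mindepth 1 -delete`. The new /var/run and /var/spool/lock cleanups are also narrower than purgedir was: purgedir ran `rm -f` on every non-directory entry, so stale FIFOs and symlinks were purged too, while the new expressions only match `-type f` and `-type s`; if that narrowing is intended, a short comment next to the find calls saying so would spare the next reader the comparison. The operator precedence in `\( -type f -or -type s ! -name log -and ! -name logpriv \)` does give the intended "regular files, or sockets other than log/logpriv", but the socket clause is easier to verify with its own parentheses, `\( -type f -or \( -type s ! -name log ! -name logpriv \) \)`.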
>
>
--
Rod Grimes rgrimes at freebsd.org