svn commit: r328951 - head/etc/rc.d

Rodney W. Grimes freebsd at pdx.rh.CN85.dnsmgr.net
Wed Feb 7 00:19:13 UTC 2018 

> Author: feld (ports committer)
> Date: Tue Feb  6 21:35:41 2018
> New Revision: 328951
> URL: https://svnweb.freebsd.org/changeset/base/328951
> 
> Log:
>   Refactor cleanvar to remove shell expansion vulnerability
>   
>   If any process creates a directory named "-P" in /var/run or
>   /var/spool/lock it will cause the purgedir function to start to rm -r /.
>   
>   Simplify a lot of complicated shell logic by leveraging find(1).
>   
>   Reviewed by:	allanjude
>   MFC after:	3 days
>   Differential Revision:	https://reviews.freebsd.org/D13778

Please be careful about use of binaries from /usr/bin in
/etc/rc.d, though in this case it is probably ok as /usr
has been mounted by the time cleanvar runs, that is not
always the case.


> Modified:
>   head/etc/rc.d/cleanvar
> 
> Modified: head/etc/rc.d/cleanvar
> ==============================================================================
> --- head/etc/rc.d/cleanvar	Tue Feb  6 21:01:38 2018	(r328950)
> +++ head/etc/rc.d/cleanvar	Tue Feb  6 21:35:41 2018	(r328951)
> @@ -19,34 +19,6 @@ stop_cmd=":"
>  extra_commands="reload"
>  reload_cmd="${name}_start"
>  
> -purgedir()
> -{
> -	local dir file
> -
> -	if [ $# -eq 0 ]; then
> -		purgedir .
> -	else
> -		for dir
> -		do
> -		(
> -			cd "$dir" && for file in .* *
> -			do
> -				# Skip over logging sockets
> -				[ -S "$file" -a "$file" = "log" ] && continue
> -				[ -S "$file" -a "$file" = "logpriv" ] && continue
> -				[ ."$file" = .. -o ."$file" = ... ] && continue
> -				if [ -d "$file" -a ! -L "$file" ]
> -				then
> -					purgedir "$file"
> -				else
> -					rm -f -- "$file"
> -				fi
> -			done
> -		)
> -		done
> -	fi
> -}
> -
>  cleanvar_prestart()
>  {
>  	# These files must be removed only the first time this script is run
> @@ -58,14 +30,17 @@ cleanvar_prestart()
>  cleanvar_start()
>  {
>  	if [ -d /var/run -a ! -f /var/run/clean_var ]; then
> -		purgedir /var/run
> +		# Skip over logging sockets
> +		find /var/run \( -type f -or -type s ! -name log -and ! -name logpriv \) -delete
>  		>/var/run/clean_var
>  	fi
>  	if [ -d /var/spool/lock -a ! -f /var/spool/lock/clean_var ]; then
> -		purgedir /var/spool/lock
> +		find /var/spool/lock -type f -delete
>  		>/var/spool/lock/clean_var
>  	fi
> -	rm -rf /var/spool/uucp/.Temp/*
> +	if [ -d /var/spool/uucp/.Temp ]; then
> +		find /var/spool/uucp/.Temp -delete
> +	fi
>  }
>  
>  load_rc_config $name
> 
> 

-- 
Rod Grimes                                                 rgrimes at freebsd.org

More information about the svn-src-all mailing list