svn commit: r328951 - head/etc/rc.d

Mark Felder feld at FreeBSD.org
Tue Feb 6 21:35:42 UTC 2018 

Author: feld (ports committer)
Date: Tue Feb  6 21:35:41 2018
New Revision: 328951
URL: https://svnweb.freebsd.org/changeset/base/328951

Log:
  Refactor cleanvar to remove shell expansion vulnerability
  
  If any process creates a directory named "-P" in /var/run or
  /var/spool/lock it will cause the purgedir function to start to rm -r /.
  
  Simplify a lot of complicated shell logic by leveraging find(1).
  
  Reviewed by:	allanjude
  MFC after:	3 days
  Differential Revision:	https://reviews.freebsd.org/D13778

Modified:
  head/etc/rc.d/cleanvar

Modified: head/etc/rc.d/cleanvar
==============================================================================
--- head/etc/rc.d/cleanvar	Tue Feb  6 21:01:38 2018	(r328950)
+++ head/etc/rc.d/cleanvar	Tue Feb  6 21:35:41 2018	(r328951)
@@ -19,34 +19,6 @@ stop_cmd=":"
 extra_commands="reload"
 reload_cmd="${name}_start"
 
-purgedir()
-{
-	local dir file
-
-	if [ $# -eq 0 ]; then
-		purgedir .
-	else
-		for dir
-		do
-		(
-			cd "$dir" && for file in .* *
-			do
-				# Skip over logging sockets
-				[ -S "$file" -a "$file" = "log" ] && continue
-				[ -S "$file" -a "$file" = "logpriv" ] && continue
-				[ ."$file" = .. -o ."$file" = ... ] && continue
-				if [ -d "$file" -a ! -L "$file" ]
-				then
-					purgedir "$file"
-				else
-					rm -f -- "$file"
-				fi
-			done
-		)
-		done
-	fi
-}
-
 cleanvar_prestart()
 {
 	# These files must be removed only the first time this script is run
@@ -58,14 +30,17 @@ cleanvar_prestart()
 cleanvar_start()
 {
 	if [ -d /var/run -a ! -f /var/run/clean_var ]; then
-		purgedir /var/run
+		# Skip over logging sockets
+		find /var/run \( -type f -or -type s ! -name log -and ! -name logpriv \) -delete
 		>/var/run/clean_var
 	fi
 	if [ -d /var/spool/lock -a ! -f /var/spool/lock/clean_var ]; then
-		purgedir /var/spool/lock
+		find /var/spool/lock -type f -delete
 		>/var/spool/lock/clean_var
 	fi
-	rm -rf /var/spool/uucp/.Temp/*
+	if [ -d /var/spool/uucp/.Temp ]; then
+		find /var/spool/uucp/.Temp -delete
+	fi
 }
 
 load_rc_config $name

More information about the svn-src-all mailing list