mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-28 22:36:24 +01:00
abacbbbf01
goes to a fair degree of trouble to enable something like this to be safe: cd /tmp && find . -mtime +7 -delete It removes both files and directories. It does not attempt to remove immutable files (an earlier version I showed to a few people did a chflags and tried to blow away even immutable files. Too risky..) It is thought to be safe because it forces the fts(3) driven descent to only do "minimal risk" stuff. specifically, -follow is disabled, it does checking to see that it chdir'ed to the directory it thought it was going to, it will *not* pass a pathname with a '/' character in it to unlink(), so it should be totally immune to symlink tree races. If it runs into something "fishy", it bails out rather than blunder ahead.. It's better to do that if somebody is trying to compromise security rather than risk giving them an opportunity. Since the unlink()/rmdir() is being called from within the current working directory during the tree descent, there are no fork/exec overheads or races. As a side effect of this paranoia, you cannot do a "find /somewhere/dir -delete", as the last argument to rmdir() is "/somewhere/dir", and the checking won't allow it. Besides, one would use rm -rf for that case anyway. :-) Reviewed by: pst (some time ago, but I've removed the immutable file deletion code that he complained about since he last saw it)
109 lines
4.1 KiB
C
109 lines
4.1 KiB
C
/*-
|
|
* Copyright (c) 1990, 1993
|
|
* The Regents of the University of California. All rights reserved.
|
|
*
|
|
* This code is derived from software contributed to Berkeley by
|
|
* Cimarron D. Taylor of the University of California, Berkeley.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
* must display the following acknowledgement:
|
|
* This product includes software developed by the University of
|
|
* California, Berkeley and its contributors.
|
|
* 4. Neither the name of the University nor the names of its contributors
|
|
* may be used to endorse or promote products derived from this software
|
|
* without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*
|
|
* @(#)find.h 8.1 (Berkeley) 6/6/93
|
|
*/
|
|
|
|
/* node type */
|
|
enum ntype {
|
|
N_AND = 1, /* must start > 0 */
|
|
N_ATIME, N_CLOSEPAREN, N_CTIME, N_DEPTH, N_EXEC, N_EXPR, N_FOLLOW,
|
|
N_FSTYPE, N_GROUP, N_INUM, N_LINKS, N_LS, N_MTIME, N_NAME, N_NEWER,
|
|
N_NOGROUP, N_NOT, N_NOUSER, N_OK, N_OPENPAREN, N_OR, N_PATH,
|
|
N_PERM, N_PRINT, N_PRUNE, N_SIZE, N_TYPE, N_USER, N_XDEV,
|
|
N_PRINT0, N_DELETE
|
|
};
|
|
|
|
/* node definition */
|
|
typedef struct _plandata {
|
|
struct _plandata *next; /* next node */
|
|
int (*eval) /* node evaluation function */
|
|
__P((struct _plandata *, FTSENT *));
|
|
#define F_EQUAL 1 /* [acm]time inum links size */
|
|
#define F_LESSTHAN 2
|
|
#define F_GREATER 3
|
|
#define F_NEEDOK 1 /* exec ok */
|
|
#define F_MTFLAG 1 /* fstype */
|
|
#define F_MTTYPE 2
|
|
#define F_ATLEAST 1 /* perm */
|
|
int flags; /* private flags */
|
|
enum ntype type; /* plan node type */
|
|
union {
|
|
gid_t _g_data; /* gid */
|
|
ino_t _i_data; /* inode */
|
|
mode_t _m_data; /* mode mask */
|
|
nlink_t _l_data; /* link count */
|
|
off_t _o_data; /* file size */
|
|
time_t _t_data; /* time value */
|
|
uid_t _u_data; /* uid */
|
|
short _mt_data; /* mount flags */
|
|
struct _plandata *_p_data[2]; /* PLAN trees */
|
|
struct _ex {
|
|
char **_e_argv; /* argv array */
|
|
char **_e_orig; /* original strings */
|
|
int *_e_len; /* allocated length */
|
|
} ex;
|
|
char *_a_data[2]; /* array of char pointers */
|
|
char *_c_data; /* char pointer */
|
|
} p_un;
|
|
} PLAN;
|
|
#define a_data p_un._a_data
|
|
#define c_data p_un._c_data
|
|
#define i_data p_un._i_data
|
|
#define g_data p_un._g_data
|
|
#define l_data p_un._l_data
|
|
#define m_data p_un._m_data
|
|
#define mt_data p_un._mt_data
|
|
#define o_data p_un._o_data
|
|
#define p_data p_un._p_data
|
|
#define t_data p_un._t_data
|
|
#define u_data p_un._u_data
|
|
#define e_argv p_un.ex._e_argv
|
|
#define e_orig p_un.ex._e_orig
|
|
#define e_len p_un.ex._e_len
|
|
|
|
typedef struct _option {
|
|
char *name; /* option name */
|
|
enum ntype token; /* token type */
|
|
PLAN *(*create)(); /* create function: DON'T PROTOTYPE! */
|
|
#define O_NONE 0x01 /* no call required */
|
|
#define O_ZERO 0x02 /* pass: nothing */
|
|
#define O_ARGV 0x04 /* pass: argv, increment argv */
|
|
#define O_ARGVP 0x08 /* pass: *argv, N_OK || N_EXEC */
|
|
int flags;
|
|
} OPTION;
|
|
|
|
#include "extern.h"
|