HardenedBSD/usr.bin/find/option.c
Peter Wemm abacbbbf01 Implement a -delete option to find. The code is extremely paranoid and
goes to a fair degree of trouble to enable something like this to
be safe:  cd /tmp && find . -mtime +7 -delete

It removes both files and directories.  It does not attempt to remove
immutable files (an earlier version I showed to a few people did a chflags
and tried to blow away even immutable files.  Too risky..)

It is thought to be safe because it forces the fts(3) driven descent to
only do "minimal risk" stuff.  specifically, -follow is disabled, it does
checking to see that it chdir'ed to the directory it thought it was
going to, it will *not* pass a pathname with a '/' character in it to
unlink(), so it should be totally immune to symlink tree races.  If it runs
into something "fishy", it bails out rather than blunder ahead.. It's better
to do that if somebody is trying to compromise security rather than risk
giving them an opportunity.  Since the unlink()/rmdir() is being called
from within the current working directory during the tree descent, there
are no fork/exec overheads or races.

As a side effect of this paranoia, you cannot do a
"find /somewhere/dir -delete", as the last argument to rmdir() is
"/somewhere/dir", and the checking won't allow it.  Besides, one would use
rm -rf for that case anyway. :-)

Reviewed by: pst (some time ago, but I've removed the immutable file
deletion code that he complained about since he last saw it)
1996-10-04 12:54:07 +00:00

153 lines
4.7 KiB
C

/*-
* Copyright (c) 1990, 1993, 1994
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Cimarron D. Taylor of the University of California, Berkeley.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef lint
static char sccsid[] = "@(#)option.c 8.2 (Berkeley) 4/16/94";
#endif /* not lint */
#include <sys/types.h>
#include <sys/stat.h>
#include <err.h>
#include <fts.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "find.h"
static OPTION *option __P((char *));
/* NB: the following table must be sorted lexically. */
static OPTION const options[] = {
{ "!", N_NOT, c_not, O_ZERO },
{ "(", N_OPENPAREN, c_openparen, O_ZERO },
{ ")", N_CLOSEPAREN, c_closeparen, O_ZERO },
{ "-a", N_AND, NULL, O_NONE },
{ "-and", N_AND, NULL, O_NONE },
{ "-atime", N_ATIME, c_atime, O_ARGV },
{ "-ctime", N_CTIME, c_ctime, O_ARGV },
{ "-delete", N_DELETE, c_delete, O_ZERO },
{ "-depth", N_DEPTH, c_depth, O_ZERO },
{ "-exec", N_EXEC, c_exec, O_ARGVP },
{ "-follow", N_FOLLOW, c_follow, O_ZERO },
{ "-fstype", N_FSTYPE, c_fstype, O_ARGV },
{ "-group", N_GROUP, c_group, O_ARGV },
{ "-inum", N_INUM, c_inum, O_ARGV },
{ "-links", N_LINKS, c_links, O_ARGV },
{ "-ls", N_LS, c_ls, O_ZERO },
{ "-mtime", N_MTIME, c_mtime, O_ARGV },
{ "-name", N_NAME, c_name, O_ARGV },
{ "-newer", N_NEWER, c_newer, O_ARGV },
{ "-nogroup", N_NOGROUP, c_nogroup, O_ZERO },
{ "-nouser", N_NOUSER, c_nouser, O_ZERO },
{ "-o", N_OR, c_or, O_ZERO },
{ "-ok", N_OK, c_exec, O_ARGVP },
{ "-or", N_OR, c_or, O_ZERO },
{ "-path", N_PATH, c_path, O_ARGV },
{ "-perm", N_PERM, c_perm, O_ARGV },
{ "-print", N_PRINT, c_print, O_ZERO },
{ "-print0", N_PRINT0, c_print0, O_ZERO },
{ "-prune", N_PRUNE, c_prune, O_ZERO },
{ "-size", N_SIZE, c_size, O_ARGV },
{ "-type", N_TYPE, c_type, O_ARGV },
{ "-user", N_USER, c_user, O_ARGV },
{ "-xdev", N_XDEV, c_xdev, O_ZERO },
};
/*
* find_create --
* create a node corresponding to a command line argument.
*
* TODO:
* add create/process function pointers to node, so we can skip
* this switch stuff.
*/
PLAN *
find_create(argvp)
char ***argvp;
{
register OPTION *p;
PLAN *new;
char **argv;
argv = *argvp;
if ((p = option(*argv)) == NULL)
errx(1, "%s: unknown option", *argv);
++argv;
if (p->flags & (O_ARGV|O_ARGVP) && !*argv)
errx(1, "%s: requires additional arguments", *--argv);
switch(p->flags) {
case O_NONE:
new = NULL;
break;
case O_ZERO:
new = (p->create)();
break;
case O_ARGV:
new = (p->create)(*argv++);
break;
case O_ARGVP:
new = (p->create)(&argv, p->token == N_OK);
break;
default:
abort();
}
*argvp = argv;
return (new);
}
static OPTION *
option(name)
char *name;
{
OPTION tmp;
int typecompare __P((const void *, const void *));
tmp.name = name;
return ((OPTION *)bsearch(&tmp, options,
sizeof(options)/sizeof(OPTION), sizeof(OPTION), typecompare));
}
int
typecompare(a, b)
const void *a, *b;
{
return (strcmp(((OPTION *)a)->name, ((OPTION *)b)->name));
}