Mercurial > pkg
view previous-work/more_control_helpers/bin/forall_direntries_from @ 20:c75924bd38e3
fix security hole relating to path for package user.
author | Robert McIntyre <rlm@mit.edu> |
---|---|
date | Thu, 10 Jan 2013 04:25:17 +0000 |
parents | d6bef198ae71 |
children |
line wrap: on
line source
1 #!/bin/bash2 # Copyright (c) 2004 Matthias S. Benkmann <article AT winterdrache DOT de>3 # You may do everything with this code except misrepresent its origin.4 # PROVIDED `AS IS' WITH ABSOLUTELY NO WARRANTY OF ANY KIND!6 #The following list should contain the mount points of all filesystems7 #that are to be scanned as a space-separated list within parentheses.8 #/ will usually be in this list and if you have /usr9 #on a separate partition, it will also be in this list. Other non-special10 #filesystems where package users could own files should also be put in this11 #list.12 #Mount points whose filesystems are special, such as procfs or sysfs must13 #not be in this list. While a simple find on those special filesystems should14 #be harmless, operations such as "-exec grep something" are NOT SAFE and may15 #have HARMFUL SIDE-EFFECTS, especially when performed as root.16 fs_to_scan=(/)18 #Files with a path prefix found in the following list are ignored.19 #This list will usually contain the parent directory of your package users'20 #home directories, because normally you don't want to scan those. You can21 #also add other directories that will never contain package user files, such22 #as /home. This reduces scan time.23 #NOTE: The LFS-6.0 book uses a ramfs mounted on /dev and with that setup24 #/dev does not need to be in the prune list. But since there is no requirement25 #that /dev have its on filesystem it's better to prune it explicitly.26 prune_prefixes=(/home /usr/src /dev /tools) #NO TRAILING SLASHES!!!!28 if [ $# -lt 1 -o "$1" = "--help" ]; then29 echo 1>&230 echo 1>&2 'USAGE: '"${0##*/}"' <user_or_group_name> [<find-commands>]'31 echo 1>&232 echo 1>&2 ' If <find-commands> contains no action other than -prune, -print will be'33 echo 1>&2 ' executed for all matching files.'34 echo 1>&2 ' Entries will be matched if group and/or user equals <user_or_group_name>'35 echo 1>&2 ' (numeric UID/GID allowed).'36 echo 1>&2 ' All matching entries will be acted on, including device special files, so'37 echo 1>&2 ' you should be extra careful with the <find-commands> you provide!'38 echo 1>&239 exit 140 fi42 #suppress ugly debug output from shell43 trap ':' SIGPIPE45 ugname="$1"46 shift 1 #remove user_or_group_name from argument list48 # Recent versions of find issue a warning if "-depth" is listed after a49 # non-option argument. To prevent this warning if -depth is passed to50 # this script, we pick up the "-depth" argument here to move it to the51 # front later on.52 depth=""53 if [ "_$1" = "_-depth" ]; then54 depth=-depth55 shift 156 fi58 ugmatcher=(-false)59 #test if find accepts ugname as a user, and append to ugmatcher if it does60 if find / -maxdepth 0 -user "$ugname" >/dev/null 2>&1 ; then61 ugmatcher[${#ugmatcher[@]}]="-or"62 ugmatcher[${#ugmatcher[@]}]="-user"63 ugmatcher[${#ugmatcher[@]}]="$ugname"64 fi65 #test if find accepts ugname as a group, and append to ugmatcher if it does66 if find / -maxdepth 0 -group "$ugname" >/dev/null 2>&1 ; then67 ugmatcher[${#ugmatcher[@]}]="-or"68 ugmatcher[${#ugmatcher[@]}]="-group"69 ugmatcher[${#ugmatcher[@]}]="$ugname"70 fi72 #if find accepted ugname as neither user nor group, then exit73 if [ "${#ugmatcher[@]}" = 1 ]; then74 echo 1>&2 'find does not accept `'"$ugname'"' as group or user name'75 exit 176 fi78 #construct find commands that match the prune_prefixes. Each prefix will be79 #matched as -path <prefix> -or -path <prefix>/*80 #so that the directory itself and all subdirectories are matched.81 y=(\( -false)82 for ((i=0; $i<${#prune_prefixes[@]}; i=$i+1))83 do84 y[${#y[@]}]='-or'85 y[${#y[@]}]=-path86 y[${#y[@]}]="${prune_prefixes[$i]}"87 y[${#y[@]}]='-or'88 y[${#y[@]}]=-path89 y[${#y[@]}]="${prune_prefixes[$i]}/*"90 done91 y[${#y[@]}]=')'93 #In the following find command, the part94 # -not ( ( "${y[@]}" -prune ) -or "${y[@]}" )95 #is responsible for preventing the files that match prune_prefixes from96 #being processed. The 2nd "${y[@]}" may seem redundant, but it isn't, because97 #-prune has no effect and is always false when -depth is used.98 #The -true before "$@" ensures that -depth can be passed as only parameter.99 find "${fs_to_scan[@]}" $depth -xdev -noleaf \100 -not \( \( "${y[@]}" -prune \) -or "${y[@]}" \) \101 -and \( "${ugmatcher[@]}" \) -and \( -true "$@" \)