On Fri, Apr 21, 2000 at 08:43 +0200, Peter Münster wrote:
If MAX_DAYS_IN_TMP > 0 in /etc/rc.config, a local user can delete arbitrary files on the system by doing some commands like these:

    mkdir -p "/tmp/hhh /somedirectory"
    touch -t some-early-date "/tmp/hhh /somedirectory/somefile"
    sleep 1d

Here is the patch for suse-package aaa_base-2000.1.3-0:
--- aaa_base~ Mon Jan 3 18:16:55 2000 +++ aaa_base Fri Apr 21 08:42:19 2000 @@ -158,20 +158,10 @@ done
for TMP_DIR in $TMP_DIRS_TO_CLEAR ; do - for DEL_FILE in `find $TMP_DIR/. $OMIT \( -type f -o -type l \) \ - -atime +$MAX_DAYS_IN_TMP | sort -r` ; do - rm -f $DEL_FILE - DEL_DIR=`dirname $DEL_FILE` - if [ "$DEL_DIR" != "$TMP_DIR/." ] ; then - rmdir $DEL_DIR 2> /dev/null - fi - done - done - for DEL_DIR in `find $TMP_DIR/. $OMIT \( -type d \) \ - -ctime +$MAX_DAYS_IN_TMP | sort -r` ; do - if [ "$DEL_DIR" != "$TMP_DIR/." ] ; then - rmdir $DEL_DIR 2> /dev/null - fi + find $TMP_DIR/. $OMIT ! -type d \ + -atime +$MAX_DAYS_IN_TMP -exec rm -f '{}' ';' + find $TMP_DIR/. $OMIT -depth -type d -empty -mindepth 1 \ + -mtime +$MAX_DAYS_IN_TMP -exec rmdir '{}' ';' done fi
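
Review bot: In the added "find ... -exec rm -f '{}' ';'" line, rm is handed the full path and resolves it a second time, so on a world-writable tree the age test and the unlink are not one atomic step and a directory component can change in between. Where the installed find supports them, prefer "-delete" or "-execdir rm -f '{}' ';'", which act relative to the directory find is already working in. Two smaller points on the second added find: "-mindepth 1" is a global option and reads better placed before the tests ("-type d -empty"), and the change of the directory age test from "-ctime" to "-mtime" is not explained; a directory's mtime can be set by its owner with touch, its ctime cannot.
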
Besides the fact that the above (original) "for DEL_FILE in `find ...`; do" won't work for many (some 4K) files or longer command lines, your suggestion ("find ... -exec") is quite expensive in terms of cpu load (i.e. process creation). Make it read "find ... -print0 | xargs --null rm/rmdir" and the result should be space aware *and* cost effective.

Since the original tried to rmdir anyway (with stderr directed to /dev/null) your simpler notation is even better to read and maintain.

To summarize, let me cite the full result here:

-----------------------------------------------------------------
[ ... ]
    for TMP_DIR in $TMP_DIRS_TO_CLEAR ; do
        find $TMP_DIR/. $OMIT ! -type d \
            -atime +$MAX_DAYS_IN_TMP -print0 | \
            xargs --null rm -f
        find $TMP_DIR/. $OMIT -depth -type d -empty -mindepth 1 \
            -mtime +$MAX_DAYS_IN_TMP -print0 | \
            xargs --null rmdir
    done
[ ... ]
-----------------------------------------------------------------

virtually yours   82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.
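
Added example, not part of the thread or of the aaa_base package: the original backtick loop and the "-print0 | xargs" form from the reply, run side by side on a directory name containing a space. Everything happens inside a throwaway mktemp sandbox; the function names, the "protected" directory and the 1999 timestamp are constructed for the demonstration, and "-0" is the short spelling of "--null".

```shell
#!/bin/sh
# Constructed sandbox demo; every path lives under a fresh mktemp directory.
# Assumption: that directory's own path contains no whitespace.
MAX_DAYS_IN_TMP=1

# Loop shape from the original script: the backticks word-split find's
# output, so one path containing a space turns into two rm arguments.
clean_unsafe() {
    for DEL_FILE in `find "$1/." \( -type f -o -type l \) -atime +$MAX_DAYS_IN_TMP | sort -r` ; do
        rm -f $DEL_FILE
    done
}

# Form from the reply: names are NUL-delimited, so each path reaches rm
# as exactly one argument, spaces included.
clean_safe() {
    find "$1/." ! -type d -atime +$MAX_DAYS_IN_TMP -print0 | xargs -0 rm -f
}

# Build the sandbox, run the cleaner named in $1, report what survived.
run_case() {
    cleaner=$1
    box=$(mktemp -d) || return 1
    mkdir "$box/tmp" "$box/protected"
    echo keep > "$box/protected/somefile"      # fresh file outside the temp dir
    # Same shape as in the report: a directory name with an embedded space
    # whose tail spells out the path of the protected directory.
    mkdir -p "$box/tmp/hhh $box/protected"
    touch -t 199901010000 "$box/tmp/hhh $box/protected/somefile"   # stale file
    "$cleaner" "$box/tmp"
    [ -e "$box/protected/somefile" ] && outside=kept || outside=deleted
    [ -e "$box/tmp/hhh $box/protected/somefile" ] && stale=kept || stale=deleted
    rm -rf "$box"
    echo "outside=$outside stale=$stale"
}

run_case clean_unsafe   # outside=deleted stale=kept
run_case clean_safe     # outside=kept stale=deleted
```

The unsafe run removes a file that find never tested for age and leaves the stale one in place; the NUL-delimited run does the reverse.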