> Jiri B. wrote on Sat, Dec 04, 2010 at 12:37:03PM +0100:
>
> > I was playing with file flags in /tmp, after reboot I saw
> > that /etc/rc cannot `rm' files with flags.
Perhaps they are not supposed to be removed, since they have those flags.
> When causing an exceptionally ugly mess by hand,
> i'd say cleaning up that mess by hand is a sane approach.
>
> Scripts like rc(8) and daily(8) are supposed to cover maintenance
> issues related to normal and sane usage of the system.
> I'm not sure setting uchg in /tmp belongs into that class.
>
> Besides, if i read the rc(8) code correctly, there is no real problem
> with the current code. The rc(8) script throws error messages,
> which makes sense, but the boot doesn't fail, right?
>
> > - find . ! -name . ! -name lost+found ! -name quota.user \
> > - ! -name quota.group -execdir rm -rf -- {} \; -type d -prune)
> > + find . ! -name . ! -name lost+found ! -name quota.user ! -name
> > quota.group \
> > + -execdir sh -c 'i="{}"
> > + flag="`ls -ldo $i | sed "s/\([^ ]*\)\ \([^ ]*\)\ \([^ ]*\)\ \([^
> > ]*\)\ \([^ ]*\)\(.*\)/\5/"`"
> > + if [ X"$flag" != X"-" ]; then
> > + chflags -R nosappnd,noschg,nouappnd,nouchg $i
> > + fi
> > + rm -rf -- $i' \; -type d -prune)
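Review bot: the added `-execdir sh -c 'i="{}"` lines paste the file name into the script text and then use `$i` unquoted in `ls -ldo $i`, `chflags -R ... $i` and `rm -rf -- $i`, so a name containing quotes, semicolons, `$` or whitespace is parsed as shell code or split into several arguments. Pass the name as a positional parameter (`sh -c '...' sh {}`) and refer to it only as `"$1"`. The `ls` and `chflags` calls also lack the `--` that `rm` has, so a name beginning with `-` is read as options. Picking the flags field out of `ls -ldo` with `sed` depends on the column layout of `ls` output; if flags are to be handled at all, matching them with find(1) `-flags` avoids parsing `ls`.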
>
> Even if we would decide to deal with that exotic issue automatically,
>
> -execdir sh -c ... $( ... )
I think this is unacceptably complex and probably unsafe.
> looks like a terrible approach to me. It's exceedingly complex, hard
> to understand and probably dangerous. For example, what happens
> if you - as a normal user! - create a file called
>
> ";cd ..;rm -rf home"
>
> This may need a bit of tuning to work, but just trying to work out
> how to design and prevent such attacks leads into a nightmare.
> All this could certainly be done better with find(1) -flags,
> but i would prefer keeping this code as simple as possible
> and not trying to deal with flags.
If you sit back, you may realize that it is possible that the intent,
all along going back into the past, was to *NOT* do anything special
with those files, and then fail. The problem is perhaps only that
the rm is noisy about the failures.
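
The quoting problem raised in the replies above, shown as an added example that is not part of the original thread or of rc(8): the same find(1) expression, with each file name handed to sh as a positional parameter rather than pasted into the script text. It leaves file flags alone, as the replies prefer. `clean_dir`, `selftest` and `MARK` are hypothetical names, and the file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: empty a directory the way rc(8) empties /tmp, but pass each
# file name to sh as "$1" instead of substituting it into the -c script.
# clean_dir, selftest and MARK are hypothetical names.

clean_dir() (
    # Subshell body, so cd and PATH do not leak into the caller.
    # GNU find refuses -execdir when PATH has relative or empty entries.
    PATH=/usr/bin:/bin:/usr/sbin:/sbin; export PATH
    cd -- "$1" || exit 1
    # The script after -c is a constant. find supplies the name as "$1",
    # so quotes, semicolons and $ in a name are never parsed as shell code,
    # and "--" stops a name such as "-rf" from being read as options.
    find . ! -name . ! -name lost+found ! -name quota.user \
        ! -name quota.group \
        -execdir sh -c 'rm -rf -- "$1"' sh {} \; -type d -prune
)

selftest() (
    top=$(mktemp -d) || exit 1
    MARK=$top/INJECTED; export MARK    # canary path outside the cleaned dir
    d=$top/tmp
    mkdir -p "$d/sub dir/inner" "$d/lost+found"
    # Constructed hostile names: shell metacharacters, a space, a leading dash.
    # If a name were ever evaluated as code, the canary file would appear.
    : > "$d/"'";touch "$MARK";"'
    : > "$d/"'$(touch "$MARK")'
    : > "$d/-rf"
    : > "$d/two words"
    : > "$d/quota.user"
    clean_dir "$d"
    left=$(ls -A "$d" | sort | paste -s -d ' ' -)
    [ -e "$MARK" ] && left="$left INJECTED"
    rm -rf -- "$top"
    printf '%s\n' "$left"
)

selftest    # prints: lost+found quota.user
```
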