[Pkg-sysvinit-commits] r558 - in sysvinit/trunk/debian: . initscripts/etc/init.d

Thomas Hood jdthood-guest at costa.debian.org
Mon Jan 9 22:15:16 UTC 2006


Author: jdthood-guest
Date: 2006-01-09 22:15:15 +0000 (Mon, 09 Jan 2006)
New Revision: 558

Modified:
   sysvinit/trunk/debian/changelog
   sysvinit/trunk/debian/initscripts/etc/init.d/bootclean.sh
Log:
Improve bootclean

Modified: sysvinit/trunk/debian/changelog
===================================================================
--- sysvinit/trunk/debian/changelog	2006-01-09 16:10:32 UTC (rev 557)
+++ sysvinit/trunk/debian/changelog	2006-01-09 22:15:15 UTC (rev 558)
@@ -1,8 +1,8 @@
-sysvinit (2.86.ds1-10~2) unstable; urgency=low
+sysvinit (2.86.ds1-10~3) unstable; urgency=low
 
   [ Thomas Hood ]
   * rcS(5): Reword
-  * bootclean.sh: Eliminate unnecessary uses of subshell
+  * bootclean.sh: Restructure and eliminate some uses of subshell
 
  -- Thomas Hood <jdthood at yahoo.co.uk>  Mon,  9 Jan 2006 14:16:02 +0100
 

Modified: sysvinit/trunk/debian/initscripts/etc/init.d/bootclean.sh
===================================================================
--- sysvinit/trunk/debian/initscripts/etc/init.d/bootclean.sh	2006-01-09 16:10:32 UTC (rev 557)
+++ sysvinit/trunk/debian/initscripts/etc/init.d/bootclean.sh	2006-01-09 22:15:15 UTC (rev 558)
@@ -1,14 +1,22 @@
 #
-# bootclean.sh	Functions to clean /tmp, /var/run and /var/lock.
+# bootclean.sh
 #
-
-# Environment variables should be set by the caller
-
+# Functions to clean /tmp, /var/run and /var/lock
+#
+# Environment variables should be set by the caller.
 # /lib/lsb/init-functions must be sourced by the caller
 
-cleantmp() {
-	[ -f /tmp/.clean ] && return
+clean_mkflagfile()
+{
+	[ -L "$1" ] && log_warning_msg "bootclean.sh: Deleting symbolic link '$1'."
+	rm -f "$1"
+	# If this is run after bootup then an attacker can create a symlink here
+	# so for extra safety, use noclobber.  (See #264234.)
+	set -o noclobber
+	:> "$1"
+}
 
+cleantmp() {
 	if [ -z "$TMPTIME" ]
 	then
 		log_warning_msg "Defaulting to TMPTIME=0."
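Review bot: In clean_mkflagfile the result of `:> "$1"` is never checked, so when noclobber refuses the redirect (the path was recreated between `rm -f` and the redirect, the case the comment describes) the flag file is silently not created and the callers continue as if it had been. Logging the failure would make that visible at boot: `:> "$1" || log_warning_msg "bootclean.sh: Could not create flag file '$1'."`. The helper also no longer runs `set +o noclobber`, so the option stays set in whatever shell calls it. The subshell added in the last hunk contains that only for that one entry point, which is worth stating in a comment above the function. cleantmp's body continues outside this hunk.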
@@ -40,10 +48,7 @@
 		DEXPR="-mtime +$TMPTIME -ctime +$TMPTIME"
 	fi
 
-	rm -f /tmp/.clean
-	set -o noclobber
-	:> /tmp/.clean
-	set +o noclobber
+	clean_mkflagfile /tmp/.clean
 
 	#
 	# Only clean out /tmp if it is world-writable. This ensures
@@ -59,7 +64,6 @@
 		! ( -path ./.clean -uid 0 )
 		! ( -path './...security*' -uid 0 )'
 
-	CLEANTMP_SAVE_PWD="$PWD"
 	if cd /tmp && [ "$(find . -maxdepth 0 -perm -002)" = "." ]
 	then
 		# First remove all old files...
@@ -71,8 +75,6 @@
 			-print0 | xargs -0r rmdir --ignore-fail-on-non-empty --
 		rm -f .X*-lock
 	fi
-	cd "$CLEANTMP_SAVE_PWD"
-	unset CLEANTMP_SAVE_PWD
 	[ "$VERBOSE" != no ] && log_action_end_msg 0
 }
 
@@ -80,17 +82,10 @@
 	#
 	# Clean up any stale locks.
 	#
-	[ -f /var/lock/.clean ] && return
 	[ "$VERBOSE" != no ] && log_action_begin_msg "Cleaning /var/lock"
-	CLEANLOCK_SAVE_PWD="$PWD"
 	cd /var/lock && find . ! -type d \
 		-print0 | xargs -0r rm -f --
-	cd "$CLEANLOCK_SAVE_PWD"
-	unset CLEANLOCK_SAVE_PWD
-	rm -f /var/lock/.clean
-	set -o noclobber
-	:> /var/lock/.clean
-	set +o noclobber
+	clean_mkflagfile /var/lock/.clean
 	[ "$VERBOSE" != no ] && log_action_end_msg 0
 }
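Review bot: cleanlock now leaves the calling shell in /var/lock and no longer checks for an existing /var/lock/.clean, because the PWD save/restore and the `[ -f /var/lock/.clean ] && return` guard are removed here. The same holds for cleanrun in the next hunk and for the cleantmp hunks that drop CLEANTMP_SAVE_PWD. This is safe only when the functions are reached through the subshell added in the last hunk. Since the file is meant to be sourced, a caller that invokes one of them directly would inherit the changed directory and the noclobber setting, and would clean again even when the flag file exists. A header comment on each function, such as `# Call only from a subshell: changes cwd, leaves noclobber set, does not check the flag file.`, would document that contract. The start of cleanlock lies outside this hunk.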
 
@@ -98,17 +93,10 @@
 	#
 	# Clean up /var/run.
 	#
-	[ -f /var/run/.clean ] && return
 	[ "$VERBOSE" != no ] && log_action_begin_msg "Cleaning /var/run"
-	CLEANRUN_SAVE_PWD="$PWD"
 	cd /var/run && find . ! -xtype d ! -name utmp ! -name innd.pid \
 		-print0 | xargs -0r rm -f --
-	cd "$CLEANRUN_SAVE_PWD"
-	unset CLEANRUN_SAVE_PWD
-	rm -f /var/run/.clean
-	set -o noclobber
-	:> /var/run/.clean
-	set +o noclobber
+	clean_mkflagfile /var/run/.clean
 	[ "$VERBOSE" != no ] && log_action_end_msg 0
 }
 
@@ -116,7 +104,7 @@
 	which find >/dev/null 2>&1 || return 0
 	which xargs >/dev/null 2>&1 || return 0
 
-	# If there are /tmp/.clean files that have not been created by root
+	# If there are flag files that have not been created by root
 	# then remove them
 	for cleandir in /tmp /var/run /var/lock
 	do
@@ -130,16 +118,13 @@
 		fi
 	done
 
-	if \
-		[ -f /tmp/.clean ] \
-		&& [ -f /var/run/.clean ] \
-		&& [ -f /var/lock/.clean ]
-	then
-		return
-	fi
+	[ -f /tmp/.clean ] && [ -f /var/run/.clean ] && [ -f /var/lock/.clean ] && return 0
 
-	[ -d /tmp ] && cleantmp
-	[ -d /var/run ] && cleanrun
-	[ -d /var/lock ] && cleanlock
+	# Run in subshell in order to restore pwd and noclobber setting
+	(
+		[ -d /tmp ] && ! [ -f /tmp/.clean ] && cleantmp
+		[ -d /var/run ] && ! [ -f /var/run/.clean ] && cleanrun
+		[ -d /var/lock ] && ! [ -f /var/lock/.clean ] && cleanlock
+	)
 }
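Review bot: The function's return status is now whatever the last list in the subshell yields, which is non-zero in ordinary cases. If /var/lock/.clean already exists while another flag file is missing, `! [ -f /var/lock/.clean ]` fails and the function returns 1 although nothing went wrong. When cleanlock does run with VERBOSE=no, its final `[ "$VERBOSE" != no ] && log_action_end_msg 0` also returns 1. The early exit above uses `return 0`, so the intent appears to be a success status. Adding `return 0` after the closing `)` (or ending the subshell with `:`) would make that consistent for callers that test the result. The start of this function is outside the hunk.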
 



