author | Otto Moerbeek <otto@cvs.openbsd.org> | 2005-09-30 06:50:45 +0000 |
---|---|---|
committer | Otto Moerbeek <otto@cvs.openbsd.org> | 2005-09-30 06:50:45 +0000 |
commit | 13343797a4722339fb29279d716f2ca333c70189 (patch) | |
tree | 28ef9a29e8f5f16a487e230b8aa5a3fa79a4aba2 /usr.bin | |
parent | d7b2fe695263ec83098ee5d7f66866dd6dc8eba3 (diff) |
Ensure we do not compress files we need for decompressing by also
checking hard links. From Andrew Dalgleish. ok deraadt@
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/compress/gzexe | 36 | ||||
-rw-r--r-- | usr.bin/compress/gzexe.1 | 6 |
2 files changed, 38 insertions, 4 deletions
diff --git a/usr.bin/compress/gzexe b/usr.bin/compress/gzexe
index 710622aa05d..84ee633e20f 100644
--- a/usr.bin/compress/gzexe
+++ b/usr.bin/compress/gzexe
@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-# $OpenBSD: gzexe,v 1.3 2003/08/05 18:22:17 deraadt Exp $
+# $OpenBSD: gzexe,v 1.4 2005/09/30 06:50:44 otto Exp $
 #
 # Copyright (c) 2003 Otto Moerbeek <otto@drijf.net>
 #
@@ -88,7 +88,7 @@ check () {
 fi
 case `basename "$1"` in
- sh | mktemp | rm | echo | tail | gzip | chmod)
+ sh | mktemp | rm | echo | tail | gzip | chmod | basename)
 echo "$prog: cannot compress $1, I depend on it"
 return 1
 esac
@@ -102,6 +102,38 @@ check () {
 echo "$prog: cannot compress $1, it has an s bit set"
 return 1
 fi
+
+ # Build a list of files we should not compress.
+ # * files we need to decompress
+ CHECK_LIST="
+ /bin/chmod
+ /bin/echo
+ /bin/sh
+ /bin/rm
+ /usr/bin/basename
+ /usr/bin/gzip
+ /usr/bin/mktemp
+ /usr/bin/tail
+ "
+ # * files in /bin and /sbin (decompression fails if /usr/bin is not mounted)
+ # (You could skip these if /usr/bin is always mounted on the same mount point.)
+ CHECK_LIST="$CHECK_LIST
+ /bin/*
+ /sbin/*
+ "
+ # See if the program we are trying to compress is in the list.
+ # To avoid compressing hardlinked files (eg compress & gzip)
+ # we compare the device & inode.
+ PROG_STAT_INFO=`stat -f '%d %i' "$1"`
+ for CHECK in $CHECK_LIST; do
+ if test -f "$CHECK"; then
+ CHECK_STAT_INFO=`stat -f '%d %i' "$CHECK"`
+ if test "X$PROG_STAT_INFO" == "X$CHECK_STAT_INFO"; then
+ echo "$prog: cannot compress $1, it is the same file as $CHECK"
+ return 1
+ fi
+ fi
+ done
 }
 # Compress a file
diff --git a/usr.bin/compress/gzexe.1 b/usr.bin/compress/gzexe.1
index 4c90be11acc..f781383ad12 100644
--- a/usr.bin/compress/gzexe.1
+++ b/usr.bin/compress/gzexe.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: gzexe.1,v 1.2 2003/12/28 15:00:32 jmc Exp $
+.\" $OpenBSD: gzexe.1,v 1.3 2005/09/30 06:50:44 otto Exp $
 .\"
 .\" Copyright (c) 2003 Otto Moerbeek <otto@drijf.net>
 .\"
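Review bot: The device/inode comparison added to check() in the `@@ -102,6 +102,38 @@` hunk does not see through symbolic links: stat(1) reports the link itself unless given -L, so a symlink to /bin/sh under another name has its own inode and matches nothing in CHECK_LIST. Unless an earlier test in check() (outside this hunk) already rejects symlinks, use `stat -L -f '%d %i' "$1"` and `stat -L -f '%d %i' "$CHECK"` so the link targets are what get compared. The comparison also uses `==`, which POSIX test does not define; `=` is the portable operator under `#!/bin/sh`. The tool set is now listed twice, in the basename `case` pattern of the previous hunk and in CHECK_LIST, so a comment such as `# keep in sync with the basename case pattern above` would help the next editor. check() starts before this hunk.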
@@ -51,9 +51,11 @@ The program refuses to compress non-regular or non-executable files, files with a setuid or setgid bit set, files that are already compressed using -.Nm +.Nm , +files in /bin or /sbin, or programs it needs to perform on-the-fly decompression: .Xr sh 1 , +.Xr basename 1 , .Xr mktemp 1 , .Xr rm 1 , .Xr echo 1 , |