#!/usr/bin/perl # # $OpenBSD: recover,v 1.13 2018/09/17 15:41:17 millert Exp $ # # Script to (safely) recover nvi edit sessions. # use warnings; use strict; use Fcntl; my $recoverdir = $ARGV[0] || "/tmp/vi.recover"; my $sendmail = "/usr/sbin/sendmail"; die "Sorry, $0 must be run as root\n" if $>; # Make the recovery dir if it does not already exist. if (!sysopen(DIR, $recoverdir, O_RDONLY|O_NOFOLLOW) || !stat(DIR)) { die "Warning! $recoverdir is a symbolic link! (ignoring)\n" if -l $recoverdir; mkdir($recoverdir, 01777) || die "Unable to create $recoverdir: $!\n"; chmod(01777, $recoverdir); exit(0); } # # Sanity check the vi recovery dir # die "Warning! $recoverdir is not a directory! (ignoring)\n" unless -d _; die "$0: can't chdir to $recoverdir: $!\n" unless chdir DIR; if (! -O _) { warn "Warning! $recoverdir is not owned by root! (fixing)\n"; chown(0, 0, "."); } if (((stat(_))[2] & 07777) != 01777) { warn "Warning! $recoverdir is not mode 01777! (fixing)\n"; chmod(01777, "."); } # Check editor backup files. opendir(RECDIR, ".") || die "$0: can't open $recoverdir: $!\n"; foreach my $file (readdir(RECDIR)) { next unless $file =~ /^vi\./; # # Unmodified vi editor backup files either have the # execute bit set or are zero length. Delete them. # Anything that is not a normal file gets deleted too. # lstat($file) || die "$0: can't stat $file: $!\n"; if (-x _ || ! -s _ || ! -f _) { unlink($file) unless -d _; } } # # It is possible to get incomplete recovery files if the editor crashes # at the right time. # rewinddir(RECDIR); foreach my $file (readdir(RECDIR)) { next unless $file =~ /^recover\./; if (!sysopen(RECFILE, $file, O_RDONLY|O_NOFOLLOW|O_NONBLOCK)) { warn "$0: can't open $file: $!\n"; next; } # # Delete anything that is not a regular file as that is either # filesystem corruption from fsck or an exploit attempt. # Real vi recovery files are created with mode 0600, ignore others. # if (!stat(RECFILE)) { warn "$0: can't stat $file: $!\n"; close(RECFILE); next; } if (((stat(_))[2] & 07777) != 0600) { close(RECFILE); next; } my $owner = (stat(_))[4]; if (! -f _ || ! -s _) { unlink($file) unless -d _; close(RECFILE); next; } # # Slurp in the recover.* file and search for X-vi-recover-path # (which should point to an existing vi.* file). # my @recfile = ; close(RECFILE); # # Delete any recovery files that have no (or more than one) # corresponding backup file. # my @backups = grep(m#^X-vi-recover-path:\s*\Q$recoverdir\E/+#, @recfile); if (@backups != 1) { unlink($file); next; } # # Make a copy of the backup file path. # We must not modify @backups directly since it contains # references to data in @recfile which we pipe to sendmail. # $backups[0] =~ m#^X-vi-recover-path:\s*\Q$recoverdir\E/+(.*)[\r\n]*$#; my $backup = $1; # # If backup file is not rooted in the recover dir, ignore it. # If backup file owner doesn't match recovery file owner, ignore it. # If backup file is zero length or not a regular file, remove it. # Else send mail to the user. # if ($backup =~ m#/# || !lstat($backup)) { unlink($file); } elsif ($owner != 0 && (stat(_))[4] != $owner) { unlink($file); } elsif (! -f _ || ! -s _) { unlink($file, $backup); } else { open(SENDMAIL, "|$sendmail -t") || die "$0: can't run $sendmail -t: $!\n"; print SENDMAIL @recfile; close(SENDMAIL); } } closedir(RECDIR); close(DIR); exit(0);