diff -rNu a/man/rm.1 b/man/rm.1 --- a/man/rm.1 2004-03-02 23:52:30.000000000 +0100 +++ b/man/rm.1 2005-06-02 12:42:47.000000000 +0200 @@ -1,5 +1,5 @@ .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.33. -.TH RM "1" "March 2004" "rm (coreutils) 5.2.1" "User Commands" +.TH RM "1" "June 2005" "rm (coreutils) 5.2.1" "User Commands" .SH NAME rm \- remove files or directories .SH SYNOPSIS @@ -18,6 +18,14 @@ .B rm prompts the user for whether to remove the file. If the response does not begin with `y' or `Y', the file is skipped. +.P +.B rm +, before deleting a file, loads from /etc/rm.conf and ~/.rm.conf +the list of protected files and directories. When +.B rm +tries to remove a file or a directory, it checks if it is in the protected list. +If it is, the deletion of the file is skipped. +To force the deletion of a protected file the \fI\-ff\fR option must be used. .SH OPTIONS .PP Remove (unlink) the FILE(s). @@ -61,6 +69,8 @@ Note that if you use rm to remove a file, it is usually possible to recover the contents of that file. If you want more assurance that the contents are truly unrecoverable, consider using shred. +.SH FILES +You can cp the rm.conf you find here to /etc, read it to know the syntax. .SH AUTHOR Written by Paul Rubin, David MacKenzie, Richard Stallman, and Jim Meyering. .SH "REPORTING BUGS" diff -rNu a/man/rm.x b/man/rm.x --- a/man/rm.x 2003-09-26 15:46:00.000000000 +0200 +++ b/man/rm.x 2005-06-02 12:42:06.000000000 +0200 @@ -13,6 +13,20 @@ .B rm prompts the user for whether to remove the file. If the response does not begin with `y' or `Y', the file is skipped. +.P +.B rm +, before deleting a file, loads from /etc/rm.conf and ~/.rm.conf +the list of protected files and directories. When +.B rm +tries to remove a file or a directory, it checks if it is in the protected list. +If it is, the deletion of the file is skipped. +To force the deletion of a protected file the \fI\-ff\fR option must be used. .SH OPTIONS +[FILES] +You can cp the rm.conf you find here to /etc, read it to know the syntax. + +/etc/rm.conf Global protected files and directories list. +~/.rm.conf Local rm.conf file. The list will be appended to /etc/rm.conf + when rm is runned. [SEE ALSO] chattr(1), shred(1) diff -rNu a/src/remove.c b/src/remove.c --- a/src/remove.c 2003-11-09 08:31:51.000000000 +0100 +++ b/src/remove.c 2005-06-02 12:41:45.000000000 +0200 @@ -15,7 +15,10 @@ along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ -/* Extracted from rm.c and librarified, then rewritten by Jim Meyering. */ +/* Extracted from rm.c and librarified, then rewritten by Jim Meyering. + * + * Added the rum protection by Andrea Lo Pumo aka AlpT (@freaknet.org) + */ #include #include @@ -36,6 +39,7 @@ #include "quote.h" #include "remove.h" #include "root-dev-ino.h" +#include "rum.c" /* Avoid shadowing warnings because these are functions declared in dirname.h as well as locals used below. */ @@ -674,6 +678,22 @@ { Ternary is_dir; Ternary is_empty_directory; + char path[PATH_MAX], old_cwd[PATH_MAX], name[PATH_MAX], fn[PATH_MAX]; + int po; + + + memset(path, 0, PATH_MAX); + memset(name, 0, PATH_MAX); + memset(old_cwd, 0, PATH_MAX); + + getcwd(old_cwd, PATH_MAX); + + /* remove the trailing '/' */ + strcpy(name, filename); + if(name[strlen(filename)-1] == '/') + name[strlen(filename)-1]='\0'; + + enum RM_status s = prompt (ds, filename, x, PA_DESCEND_INTO_DIR, &is_dir, &is_empty_directory); @@ -717,17 +737,53 @@ } } + + if (is_dir == T_NO) - { - /* At this point, barring race conditions, FILENAME is known - to be a non-directory, so it's ok to try to unlink it. */ - DO_UNLINK (filename, x); + { + /* Get the absolute path of `filename' and check if it is a protected + * file */ + reverse_split(name, '/', fn, path); + if (!fn[0] && !path[0]) { + getcwd(path, PATH_MAX); + strcpy(fn, name); + } else if(!path[0]) { + path[0]=0; + } else { + chdir(path); + getcwd(path, PATH_MAX); + chdir(old_cwd); + } + if(path[strlen(path)-1] != '/') + strncat(path, "/", PATH_MAX-strlen(path)); + strncat(path, fn, PATH_MAX-strlen(path)); + if(x->fforce < 2 && rum_check_entry(path)) { + fprintf(stderr, "Skipping %s\n", path); + return RM_OK; + } + + /* At this point, barring race conditions, FILENAME is known + to be a non-directory, so it's ok to try to unlink it. */ + DO_UNLINK (filename, x); + + /* unlink failed with some other error code. report it. */ + error (0, errno, _("cannot remove %s"), + quote (full_filename (filename))); + return RM_ERROR; + } - /* unlink failed with some other error code. report it. */ - error (0, errno, _("cannot remove %s"), - quote (full_filename (filename))); - return RM_ERROR; - } + if(is_dir == T_YES) { + /* Get the absolute path of `filename' and check if it is a protected + * directory */ + chdir(name); + getcwd(path, PATH_MAX); + chdir(old_cwd); + + if(x->fforce < 2 && rum_check_entry(path)) { + fprintf(stderr, "Skipping %s\n", path); + return RM_OK; + } + } if (! x->recursive) { @@ -753,6 +809,38 @@ return RM_ERROR; } + /* + * check for rm.conf protected files. + * We use chdir and getcwd to get the effective absolute path, so we can + * handle also filenames like "../dir/file" + */ + if(!chdir(name)) { + /* `name' is a directory */ + getcwd(path, PATH_MAX); + chdir(old_cwd); + } else { + reverse_split(name, '/', fn, path); + if (!fn[0] && !path[0]) { + getcwd(path, PATH_MAX); + strcpy(fn, name); + } else if(!path[0]) { + path[0]=0; + } else { + chdir(path); + getcwd(path, PATH_MAX); + chdir(old_cwd); + } + if(path[strlen(path)-1] != '/') + strncat(path, "/", PATH_MAX-strlen(path)); + strncat(path, fn, PATH_MAX-strlen(path)); + } + + if(x->fforce < 2 && rum_check_entry(path)) { + fprintf(stderr, "Skipping %s\n", path); + return RM_OK; + } + + /* is_empty_directory is set iff it's ok to use rmdir. Note that it's set only in interactive mode -- in which case it's an optimization that arranges so that the user is asked just @@ -997,6 +1085,7 @@ return RM_ERROR; } + if (chdir (dir)) { if (! S_ISDIR (dir_sb.st_mode)) @@ -1137,6 +1226,8 @@ static enum RM_status status = RM_OK; static size_t i; + rum_init(); + ds = ds_init (); for (i = 0; i < n_files; i++) @@ -1156,6 +1247,8 @@ ds_free (ds); + rum_free_all(); + XFREE (cwd_state); return status; diff -rNu a/src/remove.h b/src/remove.h --- a/src/remove.h 2003-11-07 09:08:32.000000000 +0100 +++ b/src/remove.h 2005-06-02 12:41:45.000000000 +0200 @@ -14,6 +14,9 @@ /* If nonzero, recursively remove directories. */ int recursive; + /* Force the deletion of a protected file/directory */ + int fforce; + /* Pointer to the device and inode numbers of `/', when --recursive. Otherwise NULL. */ struct dev_ino *root_dev_ino; diff -rNu a/src/rm.c b/src/rm.c --- a/src/rm.c 2004-01-21 23:27:02.000000000 +0100 +++ b/src/rm.c 2005-06-02 12:41:45.000000000 +0200 @@ -16,7 +16,9 @@ Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /* Written by Paul Rubin, David MacKenzie, and Richard Stallman. - Reworked to use chdir and avoid recursion by Jim Meyering. */ + Reworked to use chdir and avoid recursion by Jim Meyering. + Added the rum protection by Andrea Lo pumo aka AlpT(@freaknet.org) + */ /* Implementation overview: @@ -113,6 +115,8 @@ (super-user only; this works only if your system\n\ supports `unlink' for nonempty directories)\n\ -f, --force ignore nonexistent files, never prompt\n\ + -ff, --force --force ignore /etc/rm.conf, ~/.rm.conf and remove\n\ + protected files\n\ -i, --interactive prompt before any removal\n\ "), stdout); fputs (_("\ @@ -149,6 +153,7 @@ x->unlink_dirs = 0; x->ignore_missing_files = 0; x->interactive = 0; + x->fforce = 0; x->recursive = 0; x->root_dev_ino = NULL; x->stdin_tty = isatty (STDIN_FILENO); @@ -187,6 +192,7 @@ case 'f': x.interactive = 0; x.ignore_missing_files = 1; + x.fforce++; break; case 'i': diff -rNu a/src/rum.c b/src/rum.c --- a/src/rum.c 1970-01-01 01:00:00.000000000 +0100 +++ b/src/rum.c 2005-06-02 12:41:45.000000000 +0200 @@ -0,0 +1,201 @@ +/* susu: It is a simple wrapper tu su - root. + * It reads a list of userid from the SUSU_FILE file then it checks if the user who + * started susu is present in the list. If the check is positive, the user will + * became ROOT with su - ROOT. + * Note: susu must be suided root, to run effectively. + * Note2: You may need to change the SU_PATH and the ROOT defines + * + * Compile with: # gcc susu.c -o susu + * then: # chown root:wheel susu susu_suauth + * and: # chmod 6755 susu; chmod 644 susu_suauth + * finally: # cp susu /usr/bin/; cp susu_suauth /etc/ + * Enjoy! + * All this code is under GPL-2, do whatever you like with it. + * AlpT (@freaknet.org)*/ + +#include +#include +#include +#include +#include +#include +#include +#include +extern int errno; + +#define RUM_FILE_GLOBAL "/etc/rm.conf" +#define RUM_FILE_LOCAL ".rm.conf" + +#define NEW_ALLOC 256 +char **rum_entries; +int rum_alloced, rum_counter; + + +/* + * dir_reverse_split: split the `str' string in two: in `a' puts all the + * characters that goes from the last occurece of `d' in the `str' to the end of + * the line. In `b' are stored all the characters that goes from the start of + * `str' to the last occurence of `d'. + * `a' and `b' must be of the same size of `str'. + * `b' is null if the last occurence is the first char of the `str'. + * `a' is null if the last occurence is the last char of the `str' + * `a' and `b' are null when there isn't a `d' occurence in the str. + * `a' and `b' are null terminated. + * The delimiter char `d' is not included in `a' and `b' + */ +char *reverse_split(char *str, char d, char *a, char *b) +{ + int i, e, f; + + if(a) + a[0]=0; + if(b) + b[0]=0; + e=0; + + for(i=strlen(str)-1, f=0; i >= 0; i--) { + if(str[i] == d) { + f=i; + b[f+1]=0; + for(f=i; f >= 0; f--) + b[f]=str[f]; + e=1; + break; + } + } + if(!e) { + if(b) + b[0]=0; + return 0; + } + + b[strlen(b)-1]=0; + + if(a) { + b=strrchr(str, d); + strcpy(a, b+1); + } + + return str; +} + +const char *print_user (uid_t uid) +{ + struct passwd *pwd = NULL; + static char uname[LOGIN_NAME_MAX]; + + pwd = (struct passwd *)getpwuid (uid); + if (pwd == NULL) + fprintf (stderr, "cannot find name for user ID %u", uid); + + if (pwd == NULL) + sprintf(uname, "%u", (unsigned) uid); + else + strncpy(uname, pwd->pw_name , LOGIN_NAME_MAX); + + return uname; +} + +int rum_new_alloc(void) +{ + int old_alloc, i; + + old_alloc=rum_alloced; + rum_alloced+=NEW_ALLOC; + if(!old_alloc) + rum_entries=malloc(sizeof(char *) * rum_alloced); + else + rum_entries=realloc(rum_entries, sizeof(char *) * rum_alloced); + + for(i=old_alloc; i rum_alloced) + i=rum_new_alloc(); + + fgets(rum_entries[i], PATH_MAX, fd); + if(rum_entries[i][0]=='#' || rum_entries[i][0]=='\n') + continue; + + /* Strip the terminating newline */ + rum_entries[i][strlen(rum_entries[i])-1] = '\0'; + if(rum_entries[i][strlen(rum_entries[i])-1] == '/') + rum_entries[i][strlen(rum_entries[i])-1] = '\0'; + + i++; + rum_counter++; + } + + fclose(fd); + return 0; +} + +/* It returns 1 if the `name' string is found in the `run_entries' list */ +int rum_check_entry(const char *name) +{ + int i; + + for(i=0; i < rum_counter; i++) + if(!strcmp(name, rum_entries[i])) + return 1; + + return 0; +} + +int rum_init() +{ + int i=0; + char local_conf[PATH_MAX]="/home/"; + + rum_entries = 0; + rum_alloced = rum_counter = 0; + + rum_new_alloc(); + + i=rum_load_conf(RUM_FILE_GLOBAL, 1); + + strncat(local_conf, print_user (getuid()), LOGIN_NAME_MAX); + strncat(local_conf, "/"RUM_FILE_LOCAL, strlen("/"RUM_FILE_LOCAL)); + i+=rum_load_conf(local_conf, 0); + +/* + for(i=0; i < rum_counter; i++) + printf("%s\n", rum_entries[i]); +*/ + if(i < -1) + rum_free_all(); + + return 0; +}