How do I make sure I never erase my own disk?

danf_1979
Forum Commoner
Posts: 72
Joined: Sun Feb 20, 2005 9:46 pm


Post by danf_1979 »

Code:

<?php
    // Method from the poster's class: $this->path_to_delete is the parent
    // directory, $this->do_delete an array of entry names beneath it.
    function _do_delete() {
        if ( is_array($this->do_delete) ) {
            foreach ($this->do_delete as $value) {
                // Both pieces are interpolated unquoted into a shell command:
                // with an empty path and an empty $value this becomes "rm -rf /",
                // and ".." or shell metacharacters in $value are passed through.
                system("rm -rf ".$this->path_to_delete."/".$value);
            }
        }
    }
?>
How do I make sure I never erase my own disk?
I'm a newbie at PHP, so I would like it if someone could give me some topics about this, or a general idea of what function I could use to do some checks.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

If you must use such a command, realpath() can help you check where the path will actually hit. However, if you're wanting to delete files, use unlink() instead.
danf_1979
Forum Commoner
Posts: 72
Joined: Sun Feb 20, 2005 9:46 pm

Post by danf_1979 »

OK, now I know what I want. All directories to be deleted must be inside a given directory, for example /var/www. If the directories to delete are outside /var/www/, the command should not be executed.
What should I study to get this done?

Many thanks!!

do_delete is an array with the directories to be deleted.
jayshields
DevNet Resident
Posts: 1912
Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England

Post by jayshields »

As far as I'm aware, if you use unlink() like feyd suggested it wouldn't ever delete itself, so you wouldn't need all this fancy validation you ask about; just make sure that yourscript.php is on the disk you don't want to wipe.

unlink() can't delete directories but there's a snippet in the Snippets forum that I posted which is recursive.
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

Yikes.... I hope to high heaven you test this inside-out, outside-in upside-down, back-to-front from the moon....

If either of those two variables on either side of the / ends up empty, you're risking major system issues. Luckily the Apache user should be something with hardly any system permissions, but still, this looks like one heck of a risky function ;)

I might also suggest chrooting the apache user to minimize such a risk as much as possible.
danf_1979
Forum Commoner
Posts: 72
Joined: Sun Feb 20, 2005 9:46 pm

Post by danf_1979 »

This is not run by Apache but by a daemon that runs as root. This function is used to erase some directories that are not needed after a copy has been made.
For example, I copy files and directories from /var/www/installers/[given_script]/html/* to /var/www/web[ID]/web/[given_dir] and then delete /var/www/web[ID]/web/[given_dir]/[do_delete], where do_delete is an array of directories that are not needed.
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

danf_1979 wrote:This is not run by Apache but by a daemon that runs as root. This function is used to erase some directories that are not needed after a copy has been made.
For example, I copy files and directories from /var/www/installers/[given_script]/html/* to /var/www/web[ID]/web/[given_dir] and then delete /var/www/web[ID]/web/[given_dir]/[do_delete], where do_delete is an array of directories that are not needed.
Are the files to delete owned by root? I'd strongly advise running it under another user if not. I know I certainly wouldn't write such a script that runs as root ;) It's a potential nightmare. And if you *do* have to run it as root, I suggest a chroot as I said above, unless you need access right from / upwards.
danf_1979
Forum Commoner
Posts: 72
Joined: Sun Feb 20, 2005 9:46 pm

Post by danf_1979 »

The directories to delete are in users' homes (/var/www/web[ID]/web).
This works, but I don't know if it can be better:

Code:

<?php
class install {
    // ... other members, including begin(), elided in the original post ...

    function _do_delete() {

        // Only this literal prefix is accepted; substr(..., 0, 12) compares
        // exactly strlen('/var/www/web') characters of $this->path_to_delete
        // and does not look at the entries in $this->do_delete.
        $allowed = array('/var/www/web');

        if (in_array(substr($this->path_to_delete, 0, 12), $allowed)) {
            if ( is_array($this->do_delete) ) {
                foreach ($this->do_delete as $value) {
                    print "rm -rf ".$this->path_to_delete."/".$value."\n";
                    //system("rm -rf ".$this->path_to_delete."/".$value);
                }
            }
        }
        else {
            echo 'Access denied.';
        }
    }

}

$install = new install;
$install->path_to_delete = "/var/www/web8/web/script";
$install->do_delete = array("dir1", "dir2");
$install->begin();
It returns

Code:

rm -rf /var/www/web8/web/script/dir1
rm -rf /var/www/web8/web/script/dir2
as intended. If I use $install->path_to_delete = "/var/www/"; or "/",
it returns Access denied. Is this enough?
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

Yeah, that won't let you delete the entire filesystem ;) Looks good enough to me.
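As an added example, not code from the thread or its posters, here is the shape of _do_delete() that the replies above point toward: feyd's realpath() check to see where a path actually lands, and jayshields' recursive unlink() in place of system("rm -rf ..."). The base directory, the helper names and the sample tree built under the system temp directory are assumptions for illustration. The example also handles what a prefix comparison on the unresolved string (substr($path, 0, 12) against '/var/www/web') does not: the entry names in do_delete themselves, sibling directories such as /var/www/webfoo, and a symlink inside the web root that resolves to somewhere outside it.

```php
<?php
// Added example, not code from the original thread: a realpath() containment
// check plus a recursive unlink()/rmdir() in place of system("rm -rf").
// Function names, the class layout and the sample tree built under the
// system temp directory are all assumptions.

// Return the resolved path of $parent/$name if it lies strictly inside
// $base, or false. Both sides go through realpath(), so symlinks are
// resolved before the comparison and a link pointing at / is rejected.
function contained_path($base, $parent, $name) {
    // $name must be a single directory entry: no empty string, no "." or
    // "..", no separator and no NUL byte (which truncates C-level strings).
    if ($name === '' || $name === '.' || $name === '..'
        || strpos($name, '/') !== false || strpos($name, "\0") !== false) {
        return false;
    }
    $real_base   = realpath($base);
    $real_target = realpath($parent . '/' . $name);
    if ($real_base === false || $real_target === false) {
        return false;   // base or target does not exist: nothing to delete
    }
    // Compare against the base with a trailing separator, so a base of
    // /var/www/web does not accept /var/www/webfoo, and the base directory
    // itself is never a valid target.
    $prefix = rtrim($real_base, '/') . '/';
    if (strncmp($real_target, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return $real_target;
}

// Delete a directory tree without following symlinks: a symlinked entry is
// removed as a link, never descended into, so the walk cannot leave $dir.
function delete_tree($dir) {
    if (is_link($dir) || !is_dir($dir)) {
        return unlink($dir);
    }
    $entries = scandir($dir);
    if ($entries === false) {
        return false;
    }
    foreach ($entries as $entry) {
        if ($entry !== '.' && $entry !== '..') {
            delete_tree($dir . '/' . $entry);
        }
    }
    return rmdir($dir);
}

class install {
    var $base;            // only entries below this directory may be deleted
    var $path_to_delete;  // parent directory of the entries in $do_delete
    var $do_delete;       // array of entry names, as in the original post

    function _do_delete() {
        if (!is_array($this->do_delete)) {
            return;
        }
        foreach ($this->do_delete as $value) {
            $target = contained_path($this->base, $this->path_to_delete, $value);
            if ($target === false) {
                echo "Access denied: $value\n";
                continue;
            }
            echo "Deleting $target\n";
            delete_tree($target);
        }
    }
}

// Constructed sample tree (assumption) under the temp directory, standing in
// for /var/www/web8/web/script, with a symlink beside it that escapes the root.
$root    = sys_get_temp_dir() . '/rmdemo_' . getmypid();
$outside = $root . '/outside';
$script  = $root . '/www/web8/web/script';
mkdir($script . '/dir1', 0700, true);
mkdir($script . '/dir2', 0700, true);
mkdir($outside, 0700, true);
touch($outside . '/keep.txt');
symlink($outside, $script . '/evil');

$install = new install;
$install->base           = $root . '/www';
$install->path_to_delete = $script;
$install->do_delete      = array('dir1', 'dir2', 'evil', '..', '', 'dir1/../../..');
$install->_do_delete();

// dir1 and dir2 are removed; evil, "..", "" and the traversal string are
// refused, so the file outside the base is still there.
echo 'keep.txt survives: ', var_export(file_exists($outside . '/keep.txt'), true), "\n";
delete_tree($root);   // clean up the sample tree
```

Run it with php on a Unix host (symlink() and the recursive mkdir() need PHP 5 or later; the `var` property syntax is kept to match the thread). Two caveats a practitioner would want: the check and the delete are separate operations, so a directory swapped for a symlink between realpath() and unlink() is removed as a link rather than followed, but that check-then-act window is still there; and, as Chris Corbyn says above, none of this makes running the daemon as root comfortable, since any escape is then unbounded. If the target directories are owned by the web users, drop to that user before deleting.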