
How do I make sure I never erase my own disk?

Posted: Sun Feb 05, 2006 11:10 pm
by danf_1979


<?php
	// Method of the installer class: $this->do_delete lists the names of
	// directories under $this->path_to_delete that should be removed.
	function _do_delete() {
		if ( is_array($this->do_delete) ) {
			foreach ($this->do_delete as $value) {
				system("rm -rf ".$this->path_to_delete."/".$value);
			}
		}
	}
?>
How do I make sure I never erase my own disk?
I'm a newbie at PHP, so I would like it if someone could give me some pointers about this, or a general idea of which functions I could use to do some checks?

Posted: Sun Feb 05, 2006 11:47 pm
by feyd
If you must use such a command, realpath() can help you check where the path will actually hit. However, if you're wanting to delete files, use unlink() instead.

Posted: Mon Feb 06, 2006 3:00 am
by danf_1979
Ok, now I know what I want. I need all directories to be deleted to be inside a given directory, for example /var/www. If the directories to delete are in a directory outside /var/www/, the command should not be executed.
What should I study to get this done?

Many thanks!!

do_delete is an array with the directories to be deleted.

Posted: Mon Feb 06, 2006 4:03 am
by jayshields
As far as I'm aware, if you use unlink() like feyd suggested it wouldn't ever delete itself, so you wouldn't need all this fancy validation you ask about; just make sure that yourscript.php is on the disk you don't want to wipe.

unlink() can't delete directories but there's a snippet in the Snippets forum that I posted which is recursive.

Posted: Mon Feb 06, 2006 8:45 am
by Chris Corbyn
Yikes.... I hope to high heaven you test this inside-out, outside-in upside-down, back-to-front from the moon....

If either of those two variables on either side of the / ends up empty, you're risking major system issues. Luckily the Apache user should be something with hardly any system permissions, but still, this looks like one heck of a risky function ;)

I might also suggest chrooting the apache user to minimize such a risk as much as possible.

Posted: Mon Feb 06, 2006 1:16 pm
by danf_1979
This is not run by Apache but by a daemon that runs as root. This function is used to erase some unneeded directories after a copy has been made.
For example, I copy files and directories from /var/www/installers/[given_script]/html/* to /var/www/web[ID]/web/[given_dir] and then delete /var/www/web[ID]/web/[given_dir]/[do_delete], where do_delete is an array of unneeded directories.

Posted: Mon Feb 06, 2006 1:20 pm
by Chris Corbyn
danf_1979 wrote:This is not run by Apache but by a daemon that runs as root. This function is used to erase some unneeded directories after a copy has been made.
For example, I copy files and directories from /var/www/installers/[given_script]/html/* to /var/www/web[ID]/web/[given_dir] and then delete /var/www/web[ID]/web/[given_dir]/[do_delete], where do_delete is an array of unneeded directories.
Are the files to delete owned by root? If not, I'd strongly advise running it under another user. I know I certainly wouldn't write such a script that runs as root ;) It's a potential nightmare. And if you *do* have to run it as root, I suggest a chroot as I said above, unless you need access right from / upwards.

Posted: Mon Feb 06, 2006 2:12 pm
by danf_1979
Directories to delete are in users' homes (/var/www/web[ID]/web).
This works, but I don't know if it can be better:


class install {
.
.
.

    function _do_delete() {
        // Only paths that start with this prefix may be deleted
        $allowed = array('/var/www/web');

        // 12 == strlen('/var/www/web'): compare the prefix of the target path
        if (in_array(substr($this->path_to_delete, 0, 12), $allowed)) {
            if (is_array($this->do_delete)) {
                foreach ($this->do_delete as $value) {
                    print "rm -rf " . $this->path_to_delete . "/" . $value . "\n";
                    //system("rm -rf ".$this->path_to_delete."/".$value);
                }
            }
        } else {
            echo 'Access denied.';
        }
    }

}


$install = new install;
$install->path_to_delete = "/var/www/web8/web/script";
$install->do_delete = array("dir1", "dir2");
$install->begin();
It returns


rm -rf /var/www/web8/web/script/dir1
rm -rf /var/www/web8/web/script/dir2
as intended. If I use $install->path_to_delete = "/var/www/"; or "/"
it returns Access denied. Is this enough?

Posted: Mon Feb 06, 2006 2:37 pm
by Chris Corbyn
Yeah, that won't let you delete the entire filesystem ;) Looks good enough to me.
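Added example (not code from the thread or from danf_1979's installer): the check feyd suggested, built on realpath(), together with a recursive delete that uses unlink() and rmdir() instead of system("rm -rf ..."). What it adds to the substr() prefix test in the last posted version is that realpath() resolves ".." and symlinks before the prefix is compared, so a do_delete entry such as "../.." or a symlink pointing outside the base is refused even though the unresolved string still starts with /var/www/web; and because no shell is involved, an entry containing shell metacharacters is just a path that does not exist. The function names (contained_path, rmtree, do_delete_safely) and the temporary directory layout are constructed for the demonstration.

```php
<?php
// Added example, not code from the thread. Demonstrates a realpath()-based
// containment check and a shell-free recursive delete. Function names and
// the temporary directory layout below are constructed for the demo.

/**
 * Return the canonical path of $base/$relative if, and only if, it resolves
 * to something strictly inside $base; return false otherwise.
 *
 * realpath() resolves ".", ".." and symlinks first, so "$base/../.." or a
 * symlink pointing outside $base is rejected, while a substr() prefix test on
 * the unresolved string would let it through.
 */
function contained_path($base, $relative) {
    $real_base = realpath($base);
    if ($real_base === false) {
        return false;                          // base directory must exist
    }
    $real_base = rtrim($real_base, '/');

    $candidate = realpath($real_base . '/' . $relative);
    if ($candidate === false || $candidate === $real_base) {
        return false;                          // missing target, or the base itself
    }
    // Compare against the base plus a trailing slash so that a sibling such
    // as "/var/www/web8-old" does not pass as a child of "/var/www/web8".
    $prefix = $real_base . '/';
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return $candidate;
}

/**
 * Recursively delete $path with unlink()/rmdir(), never via a shell.
 * Symlinks are removed as links, not followed, so a link to "/" inside the
 * tree cannot drag the deletion outside it.
 */
function rmtree($path) {
    if (is_link($path) || !is_dir($path)) {
        return unlink($path);
    }
    foreach (scandir($path) as $entry) {
        if ($entry !== '.' && $entry !== '..') {
            rmtree($path . '/' . $entry);
        }
    }
    return rmdir($path);
}

/**
 * The thread's _do_delete() logic with the checks above: $base is the
 * directory the installer is allowed to clean, $do_delete the subdirectory
 * names to remove. Returns the canonical paths that were actually deleted.
 */
function do_delete_safely($base, array $do_delete) {
    $removed = array();
    foreach ($do_delete as $value) {
        $target = contained_path($base, $value);
        if ($target === false) {
            echo "Access denied: $base/$value\n";
            continue;
        }
        if (rmtree($target)) {
            $removed[] = $target;
        }
    }
    return $removed;
}

// Constructed layout under the system temp dir, standing in for /var/www/web8.
$tmp  = sys_get_temp_dir() . '/web8_' . uniqid();
$base = $tmp . '/web/script';
mkdir($base . '/dir1', 0700, true);
mkdir($base . '/dir2/sub', 0700, true);
touch($base . '/dir2/sub/file.txt');
touch($tmp . '/keep.txt');                  // outside $base, must survive
symlink($tmp, $base . '/link_up');          // symlink that escapes $base

$removed = do_delete_safely($base, array(
    'dir1',
    'dir2',
    '../..',             // traversal: resolves to $tmp, outside $base
    'link_up/keep.txt',  // symlink escape: resolves to $tmp/keep.txt
    'dir1; rm -rf /',    // would have been command injection via system(); here just a nonexistent path
));

echo implode("\n", $removed) . "\n";        // the two dirN paths only
echo file_exists($tmp . '/keep.txt') ? "keep.txt untouched\n" : "BUG\n";

rmtree($tmp);                               // cleanup; link_up is unlinked, not followed
```

Run it from the command line as the user that owns the site directories; the only paths it removes are the two that resolve strictly under $base, and the three hostile entries are reported as denied. If the daemon really must run as root, the same functions apply unchanged, but the containment check is then the only thing standing between a bad do_delete entry and the rest of the filesystem, which is why a separate user or a chroot, as suggested above, is still worth having.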