richard: server/perl-kolab/sbin kolab_bootstrap.in,1.15,1.16
cvs at kolab.org
cvs at kolab.org
Fri Jan 1 22:53:27 CET 2010
Author: richard
Update of /kolabrepository/server/perl-kolab/sbin
In directory doto:/tmp/cvs-serv6569/sbin
Modified Files:
kolab_bootstrap.in
Log Message:
solve kolab/issue4009: kolab_bootstrap contains dangerous code, could remove
wrong files
Index: kolab_bootstrap.in
===================================================================
RCS file: /kolabrepository/server/perl-kolab/sbin/kolab_bootstrap.in,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- kolab_bootstrap.in 30 Dec 2009 19:22:20 -0000 1.15
+++ kolab_bootstrap.in 1 Jan 2010 21:53:25 -0000 1.16
@@ -293,8 +293,21 @@
system("mv \"$kolab_config\" $backupdir");
}
- print "Cleaning up LDAP\n";
- system("cd \"$Kolab::config{'ldapserver_dir'}\"; rm -f *");
+ # Potentially dangerous code, be defensive. The "rm -f" command could remove
+ # the wrong files when the variable $Kolab::config{'ldapserver_dir'} is not
+ # assigned correctly. See kolab/issue4009. With the current implementation
+ # it is of course still possible to remove the wrong files, but this is a
+ # good trade off between defensive code and too much code.
+ if ((defined $Kolab::config{'ldapserver_dir'})
+ and ($Kolab::config{'ldapserver_dir'} ne "")
+ and ($Kolab::config{'ldapserver_dir'} ne "/")) {
+ print "Cleaning up LDAP\n";
+ system("rm -f \"$Kolab::config{'ldapserver_dir'}\"/*");
+ } else {
+ print "Error: variable ldapserver_dir incorrectly defined: ".
+ $Kolab::config{'ldapserver_dir'}."\n";
+ exit 1;
+ }
} else {
print "LDAP repository is empty - assuming fresh install\n";
More information about the commits
mailing list