I was intended to say as what Cero interpreted.
The tool that I use, would invoke a "rm" or "/usr/bin/rm" commands.
Operands will be passed to the 'rm' utility, with the optional arguments of -r / -rf / -f etc as parameters.
Eg for the parameters:
During any abnormality, there are chances for the tool to send parameters like #folder# or #file# as empty value.
And we know the impact of it.
I was infact trying the options this morning, similar to what cero was describing in.
I created the alias, and it would work in unix terminal, but not in the tool. Not sure, If i need to bounce the tool to refresh the change in .profile.
So with the help of admins, i tried to create the soft link for the rm command.
/usr/bin
And it seems to work for my testing.
And thinking to add more conditions to capture in the script as Don mentioned.
Atleast this way, we can avoid the possibilities of known issues that we far. Hope this would be a right way to proceed.
Aliases are set up differently for different shells; may be disabled or replaced by a user or by a script, and -- as you already know -- won't have any effect if whatever is invoking rm isn't a shell running with the defined alias in its current execution environment.
I wasn't suggesting adding more conditions to an mv filter. I was trying to point out that on an active system, there is no way to reliably do what that script seems to want to do (and even for the simple, static case) there are several errors in this rm filter that could keep it from recognizing that the caller was attempting to recursively remove all files under the root directory, and would also make it impossible to remove some files unless the user knew how to avoid this buggy filter so the unadulterated rm utility could process the operands that the user intended to pass in.
I fully agree with Corona688: Fix, disable, or remove code that is taking input from users or website input fields and transforming it into dangerous commands without performing appropriate input validation. <<getting onto soapbox>> If you have a programmer who is writing code that will be running with super-user privileges, taking a (possibly empty) directory from a website field, adding a /* to that directory, and then invoking rm with the -r and -f options and that modified directory name; fire that programmer. If you are getting code from a 3rd party vendor that contains code like this; demand a refund and remove them from your approved vendor list. <<getting off of soapbox>>
Perhaps the following trick helps: create a file named -i in the current work directory
In most locales -i comes first in the alphabet, so rm * expands to rm -i file1 file2 ....
Another trick is to turn off the shell's wildcard globbing, in .bashrc with
or in .cshrc with
This User Gave Thanks to MadeInGermany For This Post:
From experience, if you give people the slightest chance to do something dangerous, then eventually they will do it by accident.
Experience is a great teacher, if you keep your job long enough to use it.
I would suggest that the approach is flawed as others have said. You need to find a far more secure way lock down what is removed.
Can you explain a little more why they might need to delete everything in a particular directory? Are these temporary files perhaps left being by a previous user perhaps? There are better ways of dealing with that issue.
If an email is sent from our application server(running on AIX) to an id that is outside of the organization like gmail etc, and if gmail should not treat the mail as spam, what has to be done from unix level? (7 Replies)
Hi,
I've been searching around for solution, hope that some gurus here can help.
I'm using some commands in my shell script and I'd like to protect these command to be moved to another directory. For instance, cp currently in /bin/cp. If I move it to /bin/cpxxx, my script will not be able to... (3 Replies)
Hi,all.Well,I know someone has already asked this question before,however,It's too long before.So i post a new thread here.
Here is the issue.I have a shell script that use awk to calculate something and the script takes about 15 mins,it will use 100% CPU,and the system automatically killed the... (2 Replies)
I understand that on my HP-UX 11.31 system when print queues can no longer communicate with remote printers, the queue disables itself. How can I configure it to stop disabling itself, or alternatively, to re-enable itself when the remote printer comes back online? I have users in warehouses who... (6 Replies)
I have one shell script which is being accessed by many jobs at same time.
I want to make the script such that , other job should wait for the script if script is being used by some other job. Is there any way to implement it in script level ?
Gops (1 Reply)
I am using linux termios structure to configure serial port and read the port by read function. For some reason, if I read the whole buffer, almost every time the buffer does not contain the correct reply message sequence from a device sending reply to my linux PC. So I use... (5 Replies)
Is there anyway to prevent a command from being logged in the history file?
I share a system with others (log in with same account) and I would like to prevent any passwords from being logged in the history file. Some of the commands that I run require username/password on the command line... (7 Replies)
I am using bash shell; my requirement is to run a long command.
Now I have split this long command into a number of shell variables.
Some of these shell variables contain special character ':'
At the end, when the intended long command is executed as a series of small shell variables the ':'... (7 Replies)