Disallow `rm` to remove `*`
$begingroup$
Note: If you googled this by the title of this question, don't use this script unless you know what it is supposed to do.
This is a script in bash
3+ that I have used for long for preventing rm *
and rm -rf *
from accidentally invoked and removing important files by mistake. I put it in my ~/.bash_aliases
.
alias rm='set -f;rm'
rm(){
if [[ "$-" == *i* ]]
then
if [ "$1" = "*" ] || [ "$2" = "*" ] || [ "$1" = "./*" ] || [ "$2" = "./*" ]
then
echo "Abort: refusing to remove *, please go to the parent folder and do rm <folder_name>/*" 1>&2
set +f
return 1
fi
fi
set +f
/bin/rm -i $@
}
set +f
I would like to know whether there are any vulnerabilities and whether it can be improved.
bash
$endgroup$
add a comment |
$begingroup$
Note: If you googled this by the title of this question, don't use this script unless you know what it is supposed to do.
This is a script in bash
3+ that I have used for long for preventing rm *
and rm -rf *
from accidentally invoked and removing important files by mistake. I put it in my ~/.bash_aliases
.
alias rm='set -f;rm'
rm(){
if [[ "$-" == *i* ]]
then
if [ "$1" = "*" ] || [ "$2" = "*" ] || [ "$1" = "./*" ] || [ "$2" = "./*" ]
then
echo "Abort: refusing to remove *, please go to the parent folder and do rm <folder_name>/*" 1>&2
set +f
return 1
fi
fi
set +f
/bin/rm -i $@
}
set +f
I would like to know whether there are any vulnerabilities and whether it can be improved.
bash
$endgroup$
add a comment |
$begingroup$
Note: If you googled this by the title of this question, don't use this script unless you know what it is supposed to do.
This is a script in bash
3+ that I have used for long for preventing rm *
and rm -rf *
from accidentally invoked and removing important files by mistake. I put it in my ~/.bash_aliases
.
alias rm='set -f;rm'
rm(){
if [[ "$-" == *i* ]]
then
if [ "$1" = "*" ] || [ "$2" = "*" ] || [ "$1" = "./*" ] || [ "$2" = "./*" ]
then
echo "Abort: refusing to remove *, please go to the parent folder and do rm <folder_name>/*" 1>&2
set +f
return 1
fi
fi
set +f
/bin/rm -i $@
}
set +f
I would like to know whether there are any vulnerabilities and whether it can be improved.
bash
$endgroup$
Note: If you googled this by the title of this question, don't use this script unless you know what it is supposed to do.
This is a script in bash
3+ that I have used for long for preventing rm *
and rm -rf *
from accidentally invoked and removing important files by mistake. I put it in my ~/.bash_aliases
.
alias rm='set -f;rm'
rm(){
if [[ "$-" == *i* ]]
then
if [ "$1" = "*" ] || [ "$2" = "*" ] || [ "$1" = "./*" ] || [ "$2" = "./*" ]
then
echo "Abort: refusing to remove *, please go to the parent folder and do rm <folder_name>/*" 1>&2
set +f
return 1
fi
fi
set +f
/bin/rm -i $@
}
set +f
I would like to know whether there are any vulnerabilities and whether it can be improved.
bash
bash
edited yesterday
Weijun Zhou
asked yesterday
Weijun ZhouWeijun Zhou
1615
1615
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
$begingroup$
The vulnerability I see is that only the first two arguments are checked. You could check all of them:
rm() {
[[ $- == *i* ]] && for arg
do
if [[ $arg = "*" || $arg = "./*" ]]
then
# abort
fi
done
# do the rm
This kind of checking will miss other dangerous wildcards like **
or ?*
. You can get safer checking by expanding *
yourself, then see if the expanded arguments contain that same list of files:
# alias not needed here; we want globs to be expanded
rm() {
declare -a star=(*)
declare -a dotslashstar=(./*)
if [[ "$@" == *"${star[@]}"* || "$@" == *"${dotslashstar[@]}"* ]]
then
# abort
... but then you can't (for example) empty a directory full of temp files with rm *.tmp
, if *.tmp
and *
match the same thing.
$endgroup$
2
$begingroup$
I love your idea of expanding*
myself.
$endgroup$
– Weijun Zhou
yesterday
add a comment |
$begingroup$
Double-quote variables used in command parameters
This is a bug:
/bin/rm -i $@
What will happen if you try to delete file a b
(with space in the name)?
Most likely this:
rm: a: No such file or directory
rm: b: No such file or directory
Always write "$@"
instead of unquoted $@
.
Unfortunately, as you pointed out in a comment,
this will cause another problem:
arguments containing globs will be taken literally.
In short, it's difficult to have the cake and eat it too.
You could mitigate the problem by looping over the arguments,
and if you detect a glob, then expand it yourself:
for arg; do
if [[ $arg == *[*?]* ]]; then
expanded=($arg)
echo rm -i "${expanded[@]}"
else
echo rm -i "$arg"
fi
done
This still won't be perfect, because it doesn't handle the case when an argument contains both spaces and globs. A robust solution would take more effort, and not worth doing in Bash. (See this example delegating the hard work to Python.)
Use command
to bypass aliases
Don't worry about the absolute path of commands. Use command
to bypass aliases:
command rm -i "$@"
Redundant file descriptors
In echo "Abort: ..." 1>&2
, the file descriptor 1
is redundant, you can safely omit it.
Preserving the user's environment
This is a minor nitpick.
When the alias is executed, it will do set +f
,
regardless of whatever was the original setting in the shell,
which may not be the same.
This is really just a minor nitpick, for the record.
I wouldn't care about this tiny impractical detail either.
$endgroup$
1
$begingroup$
I had an issue with patterns containing asterisk (e.g.rm -f .*.swp
) and that's why I didn't quote$@
. Your other advices are taken.
$endgroup$
– Weijun Zhou
16 hours ago
$begingroup$
@WeijunZhou That's a good point. See my updated answer.
$endgroup$
– janos
27 mins ago
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
return StackExchange.using("mathjaxEditing", function () {
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["\$", "\$"]]);
});
});
}, "mathjax-editing");
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "196"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f215069%2fdisallow-rm-to-remove%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
$begingroup$
The vulnerability I see is that only the first two arguments are checked. You could check all of them:
rm() {
[[ $- == *i* ]] && for arg
do
if [[ $arg = "*" || $arg = "./*" ]]
then
# abort
fi
done
# do the rm
This kind of checking will miss other dangerous wildcards like **
or ?*
. You can get safer checking by expanding *
yourself, then see if the expanded arguments contain that same list of files:
# alias not needed here; we want globs to be expanded
rm() {
declare -a star=(*)
declare -a dotslashstar=(./*)
if [[ "$@" == *"${star[@]}"* || "$@" == *"${dotslashstar[@]}"* ]]
then
# abort
... but then you can't (for example) empty a directory full of temp files with rm *.tmp
, if *.tmp
and *
match the same thing.
$endgroup$
2
$begingroup$
I love your idea of expanding*
myself.
$endgroup$
– Weijun Zhou
yesterday
add a comment |
$begingroup$
The vulnerability I see is that only the first two arguments are checked. You could check all of them:
rm() {
[[ $- == *i* ]] && for arg
do
if [[ $arg = "*" || $arg = "./*" ]]
then
# abort
fi
done
# do the rm
This kind of checking will miss other dangerous wildcards like **
or ?*
. You can get safer checking by expanding *
yourself, then see if the expanded arguments contain that same list of files:
# alias not needed here; we want globs to be expanded
rm() {
declare -a star=(*)
declare -a dotslashstar=(./*)
if [[ "$@" == *"${star[@]}"* || "$@" == *"${dotslashstar[@]}"* ]]
then
# abort
... but then you can't (for example) empty a directory full of temp files with rm *.tmp
, if *.tmp
and *
match the same thing.
$endgroup$
2
$begingroup$
I love your idea of expanding*
myself.
$endgroup$
– Weijun Zhou
yesterday
add a comment |
$begingroup$
The vulnerability I see is that only the first two arguments are checked. You could check all of them:
rm() {
[[ $- == *i* ]] && for arg
do
if [[ $arg = "*" || $arg = "./*" ]]
then
# abort
fi
done
# do the rm
This kind of checking will miss other dangerous wildcards like **
or ?*
. You can get safer checking by expanding *
yourself, then see if the expanded arguments contain that same list of files:
# alias not needed here; we want globs to be expanded
rm() {
declare -a star=(*)
declare -a dotslashstar=(./*)
if [[ "$@" == *"${star[@]}"* || "$@" == *"${dotslashstar[@]}"* ]]
then
# abort
... but then you can't (for example) empty a directory full of temp files with rm *.tmp
, if *.tmp
and *
match the same thing.
$endgroup$
The vulnerability I see is that only the first two arguments are checked. You could check all of them:
rm() {
[[ $- == *i* ]] && for arg
do
if [[ $arg = "*" || $arg = "./*" ]]
then
# abort
fi
done
# do the rm
This kind of checking will miss other dangerous wildcards like **
or ?*
. You can get safer checking by expanding *
yourself, then see if the expanded arguments contain that same list of files:
# alias not needed here; we want globs to be expanded
rm() {
declare -a star=(*)
declare -a dotslashstar=(./*)
if [[ "$@" == *"${star[@]}"* || "$@" == *"${dotslashstar[@]}"* ]]
then
# abort
... but then you can't (for example) empty a directory full of temp files with rm *.tmp
, if *.tmp
and *
match the same thing.
answered yesterday
Oh My GoodnessOh My Goodness
1,179213
1,179213
2
$begingroup$
I love your idea of expanding*
myself.
$endgroup$
– Weijun Zhou
yesterday
add a comment |
2
$begingroup$
I love your idea of expanding*
myself.
$endgroup$
– Weijun Zhou
yesterday
2
2
$begingroup$
I love your idea of expanding
*
myself.$endgroup$
– Weijun Zhou
yesterday
$begingroup$
I love your idea of expanding
*
myself.$endgroup$
– Weijun Zhou
yesterday
add a comment |
$begingroup$
Double-quote variables used in command parameters
This is a bug:
/bin/rm -i $@
What will happen if you try to delete file a b
(with space in the name)?
Most likely this:
rm: a: No such file or directory
rm: b: No such file or directory
Always write "$@"
instead of unquoted $@
.
Unfortunately, as you pointed out in a comment,
this will cause another problem:
arguments containing globs will be taken literally.
In short, it's difficult to have the cake and eat it too.
You could mitigate the problem by looping over the arguments,
and if you detect a glob, then expand it yourself:
for arg; do
if [[ $arg == *[*?]* ]]; then
expanded=($arg)
echo rm -i "${expanded[@]}"
else
echo rm -i "$arg"
fi
done
This still won't be perfect, because it doesn't handle the case when an argument contains both spaces and globs. A robust solution would take more effort, and not worth doing in Bash. (See this example delegating the hard work to Python.)
Use command
to bypass aliases
Don't worry about the absolute path of commands. Use command
to bypass aliases:
command rm -i "$@"
Redundant file descriptors
In echo "Abort: ..." 1>&2
, the file descriptor 1
is redundant, you can safely omit it.
Preserving the user's environment
This is a minor nitpick.
When the alias is executed, it will do set +f
,
regardless of whatever was the original setting in the shell,
which may not be the same.
This is really just a minor nitpick, for the record.
I wouldn't care about this tiny impractical detail either.
$endgroup$
1
$begingroup$
I had an issue with patterns containing asterisk (e.g.rm -f .*.swp
) and that's why I didn't quote$@
. Your other advices are taken.
$endgroup$
– Weijun Zhou
16 hours ago
$begingroup$
@WeijunZhou That's a good point. See my updated answer.
$endgroup$
– janos
27 mins ago
add a comment |
$begingroup$
Double-quote variables used in command parameters
This is a bug:
/bin/rm -i $@
What will happen if you try to delete file a b
(with space in the name)?
Most likely this:
rm: a: No such file or directory
rm: b: No such file or directory
Always write "$@"
instead of unquoted $@
.
Unfortunately, as you pointed out in a comment,
this will cause another problem:
arguments containing globs will be taken literally.
In short, it's difficult to have the cake and eat it too.
You could mitigate the problem by looping over the arguments,
and if you detect a glob, then expand it yourself:
for arg; do
if [[ $arg == *[*?]* ]]; then
expanded=($arg)
echo rm -i "${expanded[@]}"
else
echo rm -i "$arg"
fi
done
This still won't be perfect, because it doesn't handle the case when an argument contains both spaces and globs. A robust solution would take more effort, and not worth doing in Bash. (See this example delegating the hard work to Python.)
Use command
to bypass aliases
Don't worry about the absolute path of commands. Use command
to bypass aliases:
command rm -i "$@"
Redundant file descriptors
In echo "Abort: ..." 1>&2
, the file descriptor 1
is redundant, you can safely omit it.
Preserving the user's environment
This is a minor nitpick.
When the alias is executed, it will do set +f
,
regardless of whatever was the original setting in the shell,
which may not be the same.
This is really just a minor nitpick, for the record.
I wouldn't care about this tiny impractical detail either.
$endgroup$
1
$begingroup$
I had an issue with patterns containing asterisk (e.g.rm -f .*.swp
) and that's why I didn't quote$@
. Your other advices are taken.
$endgroup$
– Weijun Zhou
16 hours ago
$begingroup$
@WeijunZhou That's a good point. See my updated answer.
$endgroup$
– janos
27 mins ago
add a comment |
$begingroup$
Double-quote variables used in command parameters
This is a bug:
/bin/rm -i $@
What will happen if you try to delete file a b
(with space in the name)?
Most likely this:
rm: a: No such file or directory
rm: b: No such file or directory
Always write "$@"
instead of unquoted $@
.
Unfortunately, as you pointed out in a comment,
this will cause another problem:
arguments containing globs will be taken literally.
In short, it's difficult to have the cake and eat it too.
You could mitigate the problem by looping over the arguments,
and if you detect a glob, then expand it yourself:
for arg; do
if [[ $arg == *[*?]* ]]; then
expanded=($arg)
echo rm -i "${expanded[@]}"
else
echo rm -i "$arg"
fi
done
This still won't be perfect, because it doesn't handle the case when an argument contains both spaces and globs. A robust solution would take more effort, and not worth doing in Bash. (See this example delegating the hard work to Python.)
Use command
to bypass aliases
Don't worry about the absolute path of commands. Use command
to bypass aliases:
command rm -i "$@"
Redundant file descriptors
In echo "Abort: ..." 1>&2
, the file descriptor 1
is redundant, you can safely omit it.
Preserving the user's environment
This is a minor nitpick.
When the alias is executed, it will do set +f
,
regardless of whatever was the original setting in the shell,
which may not be the same.
This is really just a minor nitpick, for the record.
I wouldn't care about this tiny impractical detail either.
$endgroup$
Double-quote variables used in command parameters
This is a bug:
/bin/rm -i $@
What will happen if you try to delete file a b
(with space in the name)?
Most likely this:
rm: a: No such file or directory
rm: b: No such file or directory
Always write "$@"
instead of unquoted $@
.
Unfortunately, as you pointed out in a comment,
this will cause another problem:
arguments containing globs will be taken literally.
In short, it's difficult to have the cake and eat it too.
You could mitigate the problem by looping over the arguments,
and if you detect a glob, then expand it yourself:
for arg; do
if [[ $arg == *[*?]* ]]; then
expanded=($arg)
echo rm -i "${expanded[@]}"
else
echo rm -i "$arg"
fi
done
This still won't be perfect, because it doesn't handle the case when an argument contains both spaces and globs. A robust solution would take more effort, and not worth doing in Bash. (See this example delegating the hard work to Python.)
Use command
to bypass aliases
Don't worry about the absolute path of commands. Use command
to bypass aliases:
command rm -i "$@"
Redundant file descriptors
In echo "Abort: ..." 1>&2
, the file descriptor 1
is redundant, you can safely omit it.
Preserving the user's environment
This is a minor nitpick.
When the alias is executed, it will do set +f
,
regardless of whatever was the original setting in the shell,
which may not be the same.
This is really just a minor nitpick, for the record.
I wouldn't care about this tiny impractical detail either.
edited 28 mins ago
answered 19 hours ago
janosjanos
98.3k12125350
98.3k12125350
1
$begingroup$
I had an issue with patterns containing asterisk (e.g.rm -f .*.swp
) and that's why I didn't quote$@
. Your other advices are taken.
$endgroup$
– Weijun Zhou
16 hours ago
$begingroup$
@WeijunZhou That's a good point. See my updated answer.
$endgroup$
– janos
27 mins ago
add a comment |
1
$begingroup$
I had an issue with patterns containing asterisk (e.g.rm -f .*.swp
) and that's why I didn't quote$@
. Your other advices are taken.
$endgroup$
– Weijun Zhou
16 hours ago
$begingroup$
@WeijunZhou That's a good point. See my updated answer.
$endgroup$
– janos
27 mins ago
1
1
$begingroup$
I had an issue with patterns containing asterisk (e.g.
rm -f .*.swp
) and that's why I didn't quote $@
. Your other advices are taken.$endgroup$
– Weijun Zhou
16 hours ago
$begingroup$
I had an issue with patterns containing asterisk (e.g.
rm -f .*.swp
) and that's why I didn't quote $@
. Your other advices are taken.$endgroup$
– Weijun Zhou
16 hours ago
$begingroup$
@WeijunZhou That's a good point. See my updated answer.
$endgroup$
– janos
27 mins ago
$begingroup$
@WeijunZhou That's a good point. See my updated answer.
$endgroup$
– janos
27 mins ago
add a comment |
Thanks for contributing an answer to Code Review Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f215069%2fdisallow-rm-to-remove%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown