diff options
| -rwxr-xr-x | iurt_root_command | 19 |
1 files changed, 5 insertions, 14 deletions
diff --git a/iurt_root_command b/iurt_root_command index 7abd842..3104062 100755 --- a/iurt_root_command +++ b/iurt_root_command @@ -243,7 +243,6 @@ sub rm { my ($_run, $opt, @files) = @_; my $ok = 1; my $done; - my $unauthorized = "^(/etc|/root|/dev|/var|/lib|/usr)"; foreach my $f (@files) { if (-d $f) { @@ -251,7 +250,7 @@ sub rm { plog('WARN', "can't remove directories without the -r option"); $ok = 0; } else { - if ($f =~ m,$unauthorized,) { + if (!check_path_authorized($f)) { plog('FAIL', "removal of $f forbidden"); $ok = 0; } else { @@ -261,7 +260,7 @@ sub rm { } } } else { - if ($f =~ m,/$unauthorized,) { + if (!check_path_authorized($f)) { plog("removal of $f forbidden"); $ok = 0; } else { @@ -271,7 +270,7 @@ sub rm { if ($f =~ /[*?]/) { foreach my $file (glob $f) { - if ($f =~ m,$unauthorized,) { + if (!check_path_authorized($f)) { plog('FAIL', "removal of $f forbidden"); $ok = 0; } else { @@ -297,11 +296,7 @@ sub cp { my $ok = 1; my $done; my $dest = pop @files; - my $unauthorized = "^(/etc|/root|/dev|/var|/lib|/usr)"; - if ($dest =~ /$unauthorized/ || $dest eq '/') { - plog('FAIL', "copying to $dest forbidden"); - return; - } + check_path_authorized($dest) or return; foreach my $f (@files) { if (-d $f) { if (!$opt->{recursive}) { @@ -340,11 +335,7 @@ sub cp { sub ln { my ($_run, $_opt, $file1, $file2) = @_; - my $unauthorized = "^(/etc|/root|/dev|/var|/lib|/usr)"; - if ($file2 =~ /$unauthorized/ || $file2 eq '/') { - plog('FAIL', "linking to $file2 forbidden"); - return; - } + check_path_authorized($file1) && check_path_authorized($file2) or return; link $file1, $file2; } |