JP Vossen on 2 Jul 2009 12:39:26 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] add symlink to directory with find -name -exec {} \;


> Date: Wed, 1 Jul 2009 16:39:37 -0400
> From: Michael Lazin <microlaser@gmail.com>

Technical discussion at top, actual solution at bottom.


> Hi, occasionally I find a vulnerable script that I disable with something
> like find -name script_name -exec chmod 200 {} \;

In general you want to avoid using '-exec {} \;' because it's terribly 
inefficient since it guarantees that you spawn a sub-shell for every 
single file you find.  *Often* a better way is this (assume GNU tools):
	find -name script_name -print0 | xargs -0 chmod 200

The canonical case for this form is chown or chmod.  Instead of spawning 
a sub-shell once for each file or directory, running chown, then doing 
the next, xargs will only spawn as many shells needs to "fit" the 
arguments into the environment.  On modern Linux, that's almost always 
just 1 shell.  That's a *lot* faster when you have a lot of files.

'find -print0' and 'xargs -0' use NULLs instead of white space as field 
separators.  See the man pages.

However...  In your particular case it probably doesn't really matter 
since you will probably only have a few hits.  But the first time you 
return hundreds of files, some with spaces in the name, you will really 
appreciate my way.

And, my way doesn't always work.  xargs works great when the results 
from find can be strung out as arguments to your command.  That would be 
a disaster with something like the mv or cp commands though.  When in 
doubt, add an echo and test:
	find -name script_name -print0 | xargs -0 echo chmod 200


> I was thinking it would be more friendly to the user to add a symlink to the
> affected directory to a php.ini with allow_url_fopen and register_globals
> off.  Can anyone think of a simple way to add a symlink to a directory a
> vulnerable file is in with find?

This is a case where xargs is not a good idea, and you have to use 
-exec, since you really do want to do things one at a time.

It turns out that GNU find has an awesome little feature that is perfect 
for what you want!  Check this out:
	find /path -name script_name -execdir ln -s /path/to/php.ini \;

I learned something new on that one.

Good luck,
JP
----------------------------|:::======|-------------------------------
JP Vossen, CISSP            |:::======|      http://bashcookbook.com/
My Account, My Opinions     |=========|      http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug