safe-rm

   1 #!/usr/bin/perl -t
   2
   3 use warnings;
   4 use strict;
   5 use Cwd 'realpath';
   6
   7 our $VERSION = '0.13';
   8
   9 my $homedir            = $ENV{HOME} || q{};
  10 my $LEGACY_CONFIG_FILE = "$homedir/.safe-rm";
  11 my $USER_CONFIG_FILE   = ($ENV{XDG_CONFIG_HOME} || "$homedir/.config") . "/safe-rm";
  12 my $GLOBAL_CONFIG_FILE = '/etc/safe-rm.conf';
  13 my $GLOBAL_LOCAL_CONFIG_FILE = '/usr/local/etc/safe-rm.conf';
  14
  15 my %default_protected_dirs = (
  16     '/bin'               => 1,
  17     '/boot'              => 1,
  18     '/dev'               => 1,
  19     '/etc'               => 1,
  20     '/home'              => 1,
  21     '/initrd'            => 1,
  22     '/lib'               => 1,
  23     '/lib32'             => 1,
  24     '/lib64'             => 1,
  25     '/proc'              => 1,
  26     '/root'              => 1,
  27     '/sbin'              => 1,
  28     '/sys'               => 1,
  29     '/usr'               => 1,
  30     '/usr/bin'           => 1,
  31     '/usr/include'       => 1,
  32     '/usr/lib'           => 1,
  33     '/usr/local'         => 1,
  34     '/usr/local/bin'     => 1,
  35     '/usr/local/include' => 1,
  36     '/usr/local/sbin'    => 1,
  37     '/usr/local/share'   => 1,
  38     '/usr/sbin'          => 1,
  39     '/usr/share'         => 1,
  40     '/usr/src'           => 1,
  41     '/var'               => 1,
  42 );
  43
  44 my %protected_dirs = ();
  45
  46 sub read_config_file {
  47     my $filename = shift;
  48
  49     if ( -e $filename ) {
  50         if ( open my $fh, '<', $filename ) {
  51             while (<$fh>) {
  52                 chomp;
  53                 foreach my $file (glob) {
  54                     $protected_dirs{$file} = 1;
  55                 }
  56             }
  57             close $fh;    # deliberatly ignore errors
  58         }
  59         else {
  60             print {*STDERR} "Could not open configuration file: $filename\n";
  61         }
  62     }
  63
  64     return;
  65 }
  66
  67 read_config_file($GLOBAL_CONFIG_FILE);
  68 read_config_file($GLOBAL_LOCAL_CONFIG_FILE);
  69 read_config_file($LEGACY_CONFIG_FILE);
  70 read_config_file($USER_CONFIG_FILE);
  71
  72 if ( 0 == scalar keys %protected_dirs ) {
  73     %protected_dirs = %default_protected_dirs;
  74 }
  75
  76 my @allowed_args = ();
  77 foreach (@ARGV) {
  78     my $pathname = $_;
  79
  80     # Normalize the pathname
  81     my $normalized_pathname = $pathname;
  82     if ( $normalized_pathname =~ m{/}xms or -e "$normalized_pathname" ) {
  83
  84         # Convert to an absolute path (e.g. remove "..")
  85         $normalized_pathname = realpath($normalized_pathname);
  86         if ( !$normalized_pathname ) {
  87             $normalized_pathname = $pathname;
  88         }
  89     }
  90     if ( $normalized_pathname =~ m{^(.+?)/+$}xms ) {
  91
  92         # Trim trailing slashes
  93         $normalized_pathname = $1;
  94     }
  95
  96     # Check against the exclusions
  97     if ( exists $protected_dirs{$normalized_pathname} and not -l $pathname ) {
  98         print {*STDERR} "safe-rm: skipping $pathname\n" || 0;
  99     }
 100     elsif ( $pathname =~ /(.*)/xms ) {    # pointless untainting
 101         push @allowed_args, $1;
 102     }
 103 }
 104
 105 # Prepare for actually deleting the file
 106 local $ENV{PATH} = q{};                   # pointless untainting
 107 local $ENV{CDPATH} = q{};                 # pointless untainting
 108 local $ENV{IFS} = " \t\n";                # pointless untainting
 109 my $real_rm = '/bin/rm';
 110
 111 # Make sure we're not calling ourselves recursively
 112 if ( realpath($real_rm) eq realpath($0) ) {
 113     die 'safe-rm cannot find the real "rm" binary' . "\n";
 114 }
 115
 116 # Run the real rm command, returning with the same error code
 117 my $status = system $real_rm, @allowed_args;
 118 my $errcode = $status >> 8;
 119 exit $errcode;
 120
 121 __END__
 122
 123 =head1 NAME
 124
 125 safe-rm - wrapper around the rm command to prevent accidental deletions
 126
 127 =head1 USAGE
 128
 129 safe-rm [ ... ]
 130 (same arguments as rm)
 131
 132 =head1 DESCRIPTION
 133
 134 safe-rm prevents the accidental deletion of important files by
 135 replacing rm with a wrapper which checks the given arguments against a
 136 configurable list of exclusions for files and directories which should
 137 never be removed.
 138
 139 Users who attempt to delete one of these protected files or
 140 directories will not be able to do so and will be shown a warning
 141 message instead.
 142
 143 safe-rm is meant to replace the rm command so you can achieve this by
 144 putting a symbolic link with the name "rm" in a directory which sits
 145 at the front of your path. For example, given this path:
 146
 147   PATH=/usr/local/bin:/bin:/usr/bin
 148
 149 You could create the following symbolic link:
 150
 151   ln -s /usr/local/bin/safe-rm /usr/local/bin/rm
 152
 153 =head1 CONFIGURATION
 154
 155 Protected paths can be set both at the site and user levels.
 156
 157 All of these configuration files can contain a list of important files
 158 or directories (one per line):
 159
 160   /etc/safe-rm.conf
 161   /usr/local/etc/safe-rm.conf
 162   ~/.config/safe-rm
 163
 164 If all of these are empty, a default list of important paths will be
 165 used.
 166
 167 =for stopword Wildcards
 168 Wildcards are allowed in the configuration files, but be careful
 169
 170   /usr/lib/*
 171
 172 will protect all of the files inside the /usr/lib directory if they are referred to directly, but it will not protect your system against:
 173
 174   rm -rf /usr/lib
 175
 176 For a full protection, you should include both of these lines:
 177
 178   /usr/lib
 179   /usr/lib/*
 180
 181 =head1 EXIT STATUS
 182
 183 Same exit status as the real rm command.
 184
 185 Note that if all file arguments are skipped by safe-rm then the exit status
 186 will be the same as the exit status of the real rm when no files arguments
 187 are present.
 188
 189 =head1 BUGS AND LIMITATIONS
 190
 191 Note that if you put the following in your protected paths list:
 192
 193   $ cat /etc/safe-rm.conf
 194   /usr/lib
 195
 196 Then safe-rm will prevent you from deleting the directory:
 197
 198   $ rm -rf /usr/lib
 199   Skipping /usr/lib
 200   /bin/rm: missing operand
 201   Try `/bin/rm --help' for more information.
 202
 203 However it cannot protect you from the following:
 204
 205   $ cd /usr/lib
 206   $ rm -f *
 207
 208 =head1 AUTHOR
 209
 210 Francois Marier <francois@fmarier.org>
 211
 212 =head1 SEE ALSO
 213
 214 rm(1)
 215
 216 =head1 LICENSE AND COPYRIGHT
 217
 218 Copyright (C) 2008-2020 Francois Marier
 219
 220 This program is free software: you can redistribute it and/or modify
 221 it under the terms of the GNU General Public License as published by
 222 the Free Software Foundation, either version 3 of the License, or
 223 (at your option) any later version.
 224
 225 This program is distributed in the hope that it will be useful,
 226 but WITHOUT ANY WARRANTY; without even the implied warranty of
 227 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 228 GNU General Public License for more details.
 229
 230 You should have received a copy of the GNU General Public License
 231 along with this program.  If not, see <https://www.gnu.org/licenses/>.