safe-rm

   1 #!/usr/bin/perl -t
   2
   3 use warnings;
   4 use strict;
   5 use Cwd 'realpath';
   6
   7 our $VERSION = '0.11';
   8
   9 my $homedir            = $ENV{HOME} || q{};
  10 my $LEGACY_CONFIG_FILE = "$homedir/.safe-rm";
  11 my $USER_CONFIG_FILE   = ($ENV{XDG_CONFIG_HOME} || "$homedir/.config") . "/safe-rm";
  12 my $GLOBAL_CONFIG_FILE = '/etc/safe-rm.conf';
  13
  14 my %default_protected_dirs = (
  15     '/bin'               => 1,
  16     '/boot'              => 1,
  17     '/dev'               => 1,
  18     '/etc'               => 1,
  19     '/home'              => 1,
  20     '/initrd'            => 1,
  21     '/lib'               => 1,
  22     '/lib32'             => 1,
  23     '/lib64'             => 1,
  24     '/proc'              => 1,
  25     '/root'              => 1,
  26     '/sbin'              => 1,
  27     '/sys'               => 1,
  28     '/usr'               => 1,
  29     '/usr/bin'           => 1,
  30     '/usr/include'       => 1,
  31     '/usr/lib'           => 1,
  32     '/usr/local'         => 1,
  33     '/usr/local/bin'     => 1,
  34     '/usr/local/include' => 1,
  35     '/usr/local/sbin'    => 1,
  36     '/usr/local/share'   => 1,
  37     '/usr/sbin'          => 1,
  38     '/usr/share'         => 1,
  39     '/usr/src'           => 1,
  40     '/var'               => 1,
  41 );
  42
  43 my %protected_dirs = ();
  44
  45 sub read_config_file {
  46     my $filename = shift;
  47
  48     if ( -e $filename ) {
  49         if ( open my $fh, '<', $filename ) {
  50             while (<$fh>) {
  51                 chomp;
  52                 foreach my $file (glob) {
  53                     $protected_dirs{$file} = 1;
  54                 }
  55             }
  56             close $fh;    # deliberatly ignore errors
  57         }
  58         else {
  59             print {*STDERR} "Could not open configuration file: $filename\n";
  60         }
  61     }
  62
  63     return;
  64 }
  65
  66 read_config_file($GLOBAL_CONFIG_FILE);
  67 read_config_file($LEGACY_CONFIG_FILE);
  68 read_config_file($USER_CONFIG_FILE);
  69
  70 if ( 0 == scalar keys %protected_dirs ) {
  71     %protected_dirs = %default_protected_dirs;
  72 }
  73
  74 my @allowed_args = ();
  75 foreach (@ARGV) {
  76     my $pathname = $_;
  77
  78     # Normalize the pathname
  79     my $normalized_pathname = $pathname;
  80     if ( $normalized_pathname =~ m{/}xms or -e "$normalized_pathname" ) {
  81
  82         # Convert to an absolute path (e.g. remove "..")
  83         $normalized_pathname = realpath($normalized_pathname);
  84         if ( !$normalized_pathname ) {
  85             $normalized_pathname = $pathname;
  86         }
  87     }
  88     if ( $normalized_pathname =~ m{^(.+?)/+$}xms ) {
  89
  90         # Trim trailing slashes
  91         $normalized_pathname = $1;
  92     }
  93
  94     # Check against the blacklist
  95     if ( exists $protected_dirs{$normalized_pathname} and not -l $pathname ) {
  96         print {*STDERR} "safe-rm: skipping $pathname\n" || 0;
  97     }
  98     elsif ( $pathname =~ /(.*)/xms ) {    # pointless untainting
  99         push @allowed_args, $1;
 100     }
 101 }
 102
 103 # Prepare for actually deleting the file
 104 local $ENV{PATH} = q{};                   # pointless untainting
 105 local $ENV{CDPATH} = q{};                 # pointless untainting
 106 local $ENV{IFS} = " \t\n";                # pointless untainting
 107 my $real_rm = '/bin/rm';
 108
 109 # Make sure we're not calling ourselves recursively
 110 if ( realpath($real_rm) eq realpath($0) ) {
 111     die 'safe-rm cannot find the real "rm" binary' . "\n";
 112 }
 113
 114 # Run the real rm command, returning with the same error code
 115 my $status = system $real_rm, @allowed_args;
 116 my $errcode = $status >> 8;
 117 exit $errcode;
 118
 119 __END__
 120
 121 =head1 NAME
 122
 123 safe-rm - wrapper around the rm command to prevent accidental deletions
 124
 125 =head1 USAGE
 126
 127 safe-rm [ ... ]
 128 (same arguments as rm)
 129
 130 =head1 DESCRIPTION
 131
 132 safe-rm prevents the accidental deletion of important files by
 133 replacing rm with a wrapper which checks the given arguments against a
 134 configurable blacklist of files and directories which should never be
 135 removed.
 136
 137 Users who attempt to delete one of these protected files or
 138 directories will not be able to do so and will be shown a warning
 139 message instead.
 140
 141 safe-rm is meant to replace the rm command so you can achieve this by
 142 putting a symbolic link with the name "rm" in a directory which sits
 143 at the front of your path. For example, given this path:
 144
 145   PATH=/usr/local/bin:/bin:/usr/bin
 146
 147 You could create the following symbolic link:
 148
 149   ln -s /usr/local/bin/safe-rm /usr/local/bin/rm
 150
 151 =head1 CONFIGURATION
 152
 153 Protected paths can be set both at the site and user levels.
 154
 155 Both of these configuration files can contain a list of important files
 156 or directories (one per line):
 157
 158   /etc/safe-rm.conf
 159   ~/.config/safe-rm
 160
 161 If both of these are empty, a default list of important paths will be
 162 used.
 163
 164 =for stopword Wildcards
 165 Wildcards are allowed in the configuration files, but be careful
 166
 167   /usr/lib/*
 168
 169 will protect all of the files inside the /usr/lib directory if they are referred to directly, but it will not protect your system against:
 170
 171   rm -rf /usr/lib
 172
 173 For a full protection, you should include both of these lines:
 174
 175   /usr/lib
 176   /usr/lib/*
 177
 178 =head1 EXIT STATUS
 179
 180 Same exit status as the real rm command.
 181
 182 Note that if all file arguments are skipped by safe-rm then the exit status
 183 will be the same as the exit status of the real rm when no files arguments
 184 are present.
 185
 186 =head1 BUGS AND LIMITATIONS
 187
 188 Note that if you put the following in your protected paths list:
 189
 190   $ cat /etc/safe-rm.conf
 191   /usr/lib
 192
 193 Then safe-rm will prevent you from deleting the directory:
 194
 195   $ rm -rf /usr/lib
 196   Skipping /usr/lib
 197   /bin/rm: missing operand
 198   Try `/bin/rm --help' for more information.
 199
 200 However it cannot protect you from the following:
 201
 202   $ cd /usr/lib
 203   $ rm -f *
 204
 205 =head1 AUTHOR
 206
 207 Francois Marier <francois@fmarier.org>
 208
 209 =head1 SEE ALSO
 210
 211 rm(1)
 212
 213 =head1 LICENSE AND COPYRIGHT
 214
 215 Copyright (C) 2008-2014 Francois Marier
 216
 217 This program is free software: you can redistribute it and/or modify
 218 it under the terms of the GNU General Public License as published by
 219 the Free Software Foundation, either version 3 of the License, or
 220 (at your option) any later version.
 221
 222 This program is distributed in the hope that it will be useful,
 223 but WITHOUT ANY WARRANTY; without even the implied warranty of
 224 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 225 GNU General Public License for more details.
 226
 227 You should have received a copy of the GNU General Public License
 228 along with this program.  If not, see <http://www.gnu.org/licenses/>.