Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:57804 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 87781 invoked from network); 8 Feb 2012 23:43:24 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 8 Feb 2012 23:43:24 -0000 Authentication-Results: pb1.pair.com header.from=h.reindl@thelounge.net; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=h.reindl@thelounge.net; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain thelounge.net designates 91.118.73.15 as permitted sender) X-PHP-List-Original-Sender: h.reindl@thelounge.net X-Host-Fingerprint: 91.118.73.15 mail.thelounge.net Received: from [91.118.73.15] ([91.118.73.15:55980] helo=mail.thelounge.net) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 4F/A0-17591-998033F4 for ; Wed, 08 Feb 2012 18:43:22 -0500 Received: from srv-rhsoft.rhsoft.net (openvpn-rh.thelounge.net [10.0.0.241]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mail.thelounge.net (Postfix) with ESMTPSA id BB86D9A for ; Thu, 9 Feb 2012 00:43:18 +0100 (CET) Message-ID: <4F330896.4070802@thelounge.net> Date: Thu, 09 Feb 2012 00:43:18 +0100 Organization: the lounge interactive design User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20120206 Thunderbird/10.0 MIME-Version: 1.0 To: internals@lists.php.net References: In-Reply-To: X-Enigmail-Version: 1.3.5 OpenPGP: id=7F780279; url=http://arrakis.thelounge.net/gpg/h.reindl_thelounge.net.pub.txt Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigE90D16902750CF2C2B134681" Subject: Re: [PHP-DEV] Security risk how to use find recommended in php.ini-* From: h.reindl@thelounge.net (Reindl Harald) --------------enigE90D16902750CF2C2B134681 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Am 09.02.2012 00:35, schrieb Ond=C5=99ej Sur=C3=BD: > Much better would be: >=20 > find /path/to/sessions -cmin +24 -delete > or at least > find /path/to/sessions -cmin +24 -execdir rm "{}" \; (GNU find) >=20 > The most error-prone way is something we cooked up in Debian: >=20 > find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f > -ignore_readdir_race -cmin +24 ! -execdir fuser -s {} 2>/dev/null \; > -delete >=20 > which depends on fuser at least version 22.15 (which has removed > fork() call which was able to swamp up whole system with zombies). >=20 > The fuser call checks if the session file is still in use, because the > script was deleting still active sessions opened 24+ mins ago. the main question is why here "cmin" is used instead "mmin"? find /var/www/sessiondata -type f -mmin +60 -exec rm -f {} \; 2> /dev/nul= l > /dev/null --------------enigE90D16902750CF2C2B134681 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk8zCJYACgkQhmBjz394AnkT1wCgjuUOw/Q7GHzMFEf5mq34uB3a rKsAn1NlLcpVk7NLjIgMLm9bQExn92Sd =HFdb -----END PGP SIGNATURE----- --------------enigE90D16902750CF2C2B134681--