This is very wrong to recommend:
; NOTE: If you are using the subdirectory option for storing session files
[...]
; find /path/to/sessions -cmin +24 | xargs rm
because it is prone to '\n' attack. You can see the security
considerations of GNU find.
Much better would be:
find /path/to/sessions -cmin +24 -delete
or at least
find /path/to/sessions -cmin +24 -execdir rm "{}" \; (GNU find)
The most error-prone way is something we cooked up in Debian:
find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f \
-ignore_readdir_race -cmin +24 ! -execdir fuser -s {} 2>/dev/null \; \
-delete
which depends on fuser at least version 22.15 (which has removed the
fork() call which was able to swamp the whole system with zombies).
The fuser call checks if the session file is still in use, because the
script was deleting still active sessions opened 24+ mins ago.
O.
Ondřej Surý <ondrej@sury.org>
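Added example, not part of the original messages: the '\n' problem described above, reproduced inside a throwaway `mktemp -d` directory with a constructed file name, next to the `-delete` form. It assumes GNU find; the function names are hypothetical, and `-type f` stands in for `-cmin +24` because freshly created sample files would not match an age test.

```bash
#!/usr/bin/env bash
# Added example: the php.ini cleanup pipeline versus find -delete on a
# constructed file name that contains a newline. Works only in mktemp -d.
NL='
'

# Sandbox: sessions/ holds one file whose name embeds a newline;
# keep.txt sits outside sessions/ and must never be touched by cleanup.
make_sandbox() {
    local root
    root=$(mktemp -d) || return 1
    mkdir "$root/sessions"
    : > "$root/sessions/sess_x${NL}keep.txt"   # constructed hostile name
    : > "$root/keep.txt"
    printf '%s\n' "$root"
}

# The pipeline from the php.ini comment: xargs splits its input on
# newlines, so one directory entry arrives at rm as two separate paths.
cleanup_xargs() {
    ( cd "$1" && find sessions -type f | xargs rm 2>/dev/null ) || true
}

# The replacement suggested in the thread: find unlinks the entry itself.
cleanup_delete() {
    ( cd "$1" && find sessions -type f -delete )
}

# Print "<files left in sessions/> <keep.txt present?>" for a sandbox.
# One "x" is printed per file so a newline in a name cannot skew the count.
state() {
    local left kept=no
    left=$(find "$1/sessions" -type f -printf 'x' | wc -c)
    if [ -e "$1/keep.txt" ]; then kept=yes; fi
    printf '%s %s\n' "$((left))" "$kept"
}

run_case() {   # $1 = cleanup function name; prints the resulting state
    local root result
    root=$(make_sandbox) || return 1
    "$1" "$root"
    result=$(state "$root")
    rm -rf -- "$root"
    printf '%s\n' "$result"
}

echo "xargs rm : $(run_case cleanup_xargs)"    # 1 no
echo "-delete  : $(run_case cleanup_delete)"   # 0 yes
```

With the pipeline, the session file survives and the unrelated `keep.txt` is removed; with `-delete`, only the session file goes.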
> This is very wrong to recommend:
> ; NOTE: If you are using the subdirectory option for storing session files
> [...]
> ; find /path/to/sessions -cmin +24 | xargs rm
> because it is prone to '\n' attack. You can see the security
> considerations of GNU find.
Can you log a bug for this at https://bugs.php.net/ ?
Thanks,
Chris
--
Email: christopher.jones@oracle.com
Tel: +1 650 506 8630
Blog: http://blogs.oracle.com/opal/
On 09.02.2012 00:35, Ondřej Surý wrote:
> Much better would be:
> find /path/to/sessions -cmin +24 -delete
> or at least
> find /path/to/sessions -cmin +24 -execdir rm "{}" \; (GNU find)
> The most error-prone way is something we cooked up in Debian:
> find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f \
> -ignore_readdir_race -cmin +24 ! -execdir fuser -s {} 2>/dev/null \; \
> -delete
> which depends on fuser at least version 22.15 (which has removed the
> fork() call which was able to swamp the whole system with zombies).
> The fuser call checks if the session file is still in use, because the
> script was deleting still active sessions opened 24+ mins ago.
The main question is why "cmin" is used here instead of "mmin"?
find /var/www/sessiondata -type f -mmin +60 -exec rm -f {} \; 2> /dev/null > /dev/null
On Thu, Feb 9, 2012 at 00:40, Christopher Jones <christopher.jones@oracle.com> wrote:
> Can you log a bug for this at https://bugs.php.net/ ?
Done: https://bugs.php.net/bug.php?id=61020
> The main question is why "cmin" is used here instead of "mmin"?
> find /var/www/sessiondata -type f -mmin +60 -exec rm -f {} \; 2> /dev/null > /dev/null
Good question about -cmin vs -mmin, but the rest of the command is so wrong
in so many places. Here's the GNU find manual online[1].
-exec rm -f {} \;
- prone to symlink attack (see the bugreport)
- forcing rm here is only hiding possible errors
2>/dev/null 1>/dev/null
- only hiding possible errors
O.