From c6adbe7a36a7330debfaa07d4351bcd80d479214 Mon Sep 17 00:00:00 2001 From: Dave Reisner Date: Sat, 4 Jun 2011 19:55:36 -0400 Subject: add PATH, strip absolute path from binaries Since we're declaring a PATH anyways, we may as well use it. This gives us immunity against binaries moving around, as in the recent case of iproute2. A few other minor, associated, tweaks to go along with this: * any -x tests are modified to use 'type -P' to resolve the path before checking for execute permission * any pidof checks are stripped of paths as well. --- rc.shutdown | 42 ++++++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 20 deletions(-) (limited to 'rc.shutdown') diff --git a/rc.shutdown b/rc.shutdown index 604fdec..a040bbe 100755 --- a/rc.shutdown +++ b/rc.shutdown @@ -6,10 +6,12 @@ . /etc/rc.conf . /etc/rc.d/functions +export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + run_hook shutdown_start # avoid staircase effect -/bin/stty onlcr +stty onlcr echo " " printhl "Initiating Shutdown..." 
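Review bot: The new `export PATH=...` lists `/usr/local/sbin` and `/usr/local/bin` ahead of the system directories, and every command this commit strips of its absolute path (`stty` here, `chmod`, `dd`, `halt`, `umount`, `poweroff` and others in the later hunks) now resolves through it in a script that presumably runs as root. A same-named file under `/usr/local` would be executed in place of the system binary during shutdown. For this script I would put the system directories first or leave `/usr/local` out, e.g. `export PATH="/usr/sbin:/usr/bin:/sbin:/bin"`. The export also comes after `. /etc/rc.conf` and `. /etc/rc.d/functions`, so a shell function defined there under one of these names would now shadow the binary, which the absolute paths ruled out; a one-line comment above the export stating that assumption would help.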
@@ -23,49 +25,49 @@ stat_busy "Saving Random Seed" RANDOM_SEED=/var/lib/misc/random-seed [[ -d ${RANDOM_SEED%/*} ]] || mkdir -p ${RANDOM_SEED%/*} : > $RANDOM_SEED -/bin/chmod 0600 $RANDOM_SEED +chmod 0600 $RANDOM_SEED POOL_FILE=/proc/sys/kernel/random/poolsize if [[ -r $POOL_FILE ]]; then read POOL_SIZE <$POOL_FILE else POOL_SIZE=512 fi -/bin/dd if=/dev/urandom of=$RANDOM_SEED count=1 bs=$POOL_SIZE &> /dev/null +dd if=/dev/urandom of=$RANDOM_SEED count=1 bs=$POOL_SIZE &> /dev/null stat_done if [[ $TIMEZONE && -e /usr/share/zoneinfo/$TIMEZONE ]]; then - /bin/rm -f /etc/localtime + rm -f /etc/localtime status "Saving Time Zone" \ - /bin/cp "/usr/share/zoneinfo/$TIMEZONE" /etc/localtime + cp "/usr/share/zoneinfo/$TIMEZONE" /etc/localtime fi # Write to wtmp file before unmounting -/sbin/halt -w +halt -w -status "Deactivating Swap" /sbin/swapoff -a +status "Deactivating Swap" swapoff -a # stop monitoring of lvm2 groups before unmounting filesystems -if [[ $USELVM =~ yes|YES && -x /sbin/lvm && -d /sys/block ]]; then +if [[ $USELVM =~ yes|YES && -x $(type -P lvm) && -d /sys/block ]]; then status "Deactivating monitoring of LVM2 groups" \ - /sbin/vgchange --monitor n >/dev/null 2>&1 + vgchange --monitor n >/dev/null 2>&1 fi stat_busy "Unmounting Filesystems" -if /bin/grep -q devtmpfs /proc/filesystems &>/dev/null; then - /bin/umount -a -r -t nosysfs,noproc,nodevtmpfs,nodevpts -O no_netdev +if grep -q devtmpfs /proc/filesystems &>/dev/null; then + umount -a -r -t nosysfs,noproc,nodevtmpfs,nodevpts -O no_netdev else # if we don't have devtmpfs support, /dev is mounted as tmpfs, so don't unmount it - /bin/umount -a -r -t notmpfs,nosysfs,noproc,nodevpts -O no_netdev + umount -a -r -t notmpfs,nosysfs,noproc,nodevpts -O no_netdev fi stat_done # Kill non-root encrypted partition mappings -if [[ -f /etc/crypttab && -n $CS ]] && /bin/grep -q ^[^#] /etc/crypttab; then +if [[ -f /etc/crypttab && -n $CS ]] && grep -q ^[^#] /etc/crypttab; then stat_busy "Deactivating encrypted 
volumes:" # Maybe someone has LVM on an encrypted block device # executing an extra vgchange is errorless if [[ $USELVM =~ yes|YES ]]; then - /sbin/vgchange --sysinit -a n >/dev/null 2>&1 + vgchange --sysinit -a n >/dev/null 2>&1 fi do_lock() { stat_append "${1}.." @@ -79,11 +81,11 @@ if [[ -f /etc/crypttab && -n $CS ]] && /bin/grep -q ^[^#] /etc/crypttab; then stat_done fi -if [[ $USELVM =~ yes|YES && -x /sbin/lvm && -d /sys/block ]]; then - status "Deactivating LVM2 groups" /sbin/vgchange --sysinit -a n >/dev/null 2>&1 +if [[ $USELVM =~ yes|YES && -x $(type -P lvm) && -d /sys/block ]]; then + status "Deactivating LVM2 groups" vgchange --sysinit -a n >/dev/null 2>&1 fi -status "Remounting Root Filesystem Read-only" /bin/mount -n -o remount,ro / +status "Remounting Root Filesystem Read-only" mount -n -o remount,ro / run_hook shutdown_poweroff @@ -91,12 +93,12 @@ run_hook shutdown_poweroff printsep if [[ $RUNLEVEL = 0 ]]; then printhl "${C_H2}POWER OFF" - /sbin/poweroff -d -f -h -i + poweroff -d -f -h -i else printhl "${C_H2}REBOOTING" # if kexec is installed and a kernel is loaded, use it - [[ -x /sbin/kexec ]] && /sbin/kexec -e > /dev/null 2>&1 - /sbin/reboot -d -f -i + [[ -x $(type -P kexec) ]] && kexec -e > /dev/null 2>&1 + reboot -d -f -i fi # End of file -- cgit v1.2.3
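Review bot: The seed file is created by `: > $RANDOM_SEED` under the inherited umask and only afterwards narrowed by `chmod 0600 $RANDOM_SEED`. On first creation there is a short window in which it can be opened with wider permissions, and a descriptor opened in that window stays readable after `dd` writes the seed. Creating it already restricted closes the window, e.g. `( umask 077; : > "$RANDOM_SEED" )` ahead of the `chmod`. The `$RANDOM_SEED` expansions on these lines are unquoted, and `dd ... &> /dev/null` followed by an unconditional `stat_done` reports success even when the seed was not written.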
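Review bot: The guard tests `-x $(type -P lvm)` but the command that runs is `vgchange`, which is now looked up separately through PATH, so the check no longer vouches for the binary that is executed. The same test guards the "Deactivating monitoring of LVM2 groups" block in the previous hunk. Testing what is actually run keeps the two in step: `[[ $USELVM =~ yes|YES && -x $(type -P vgchange) && -d /sys/block ]]`. This hunk opens inside the crypttab `if` block, whose start lies outside it.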
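Review bot: `[[ -x $(type -P kexec) ]] && kexec -e` resolves `kexec` twice, once for the test and again by bare name for the call, so the path that was checked is not necessarily the one that runs. Resolving once and executing that result removes the gap: `kexec_bin=$(type -P kexec)` followed by `[[ -x $kexec_bin ]] && "$kexec_bin" -e > /dev/null 2>&1`. A short comment that `reboot -d -f -i` is the intended fallback when `kexec -e` returns would also make the control flow easier to follow.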