Date: Thu, 14 Aug 1997 13:55:52 -0400 From: bill@twwells.com (T. William Wells) To: freebsd-questions@FreeBSD.ORG Subject: Re: Please explain why this is a security hole in /etc/daily Message-ID: <5su4jm$91l@twwells.com> References: <19970812232708.44622@denver.net> <Pine.SGI.3.95.970814093912.10046A-100000@tui.pinnacle.co.nz>
next in thread | previous in thread | raw e-mail | index | archive | help
Filenames may have newlines in them. Create, in /tmp, /tmp/fuckyou\n/etc/master.passwd (\n representing a newline character); find prints /tmp/fuckyou /etc/master.passwd on two separate lines. The xargs program cheerfully makes two arguments to rm for it...and there goes your master.passwd.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5su4jm$91l>