Date: Fri, 15 Aug 1997 09:26:07 +1200 (NZST) From: Jonathan Chen <jonc@pinnacle.co.nz> To: "T. William Wells" <bill@twwells.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Please explain why this is a security hole in /etc/daily Message-ID: <Pine.SGI.3.95.970815091813.2384A-100000@tui.pinnacle.co.nz> In-Reply-To: <5su4jm$91l@twwells.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 14 Aug 1997, T. William Wells wrote:
> Filenames may have newlines in them. Create, in /tmp,
> /tmp/fuckyou\n/etc/master.passwd
>
> (\n representing a newline character); find prints
>
> /tmp/fuckyou
> /etc/master.passwd
>
> on two separate lines. The xargs program cheerfully makes two
> arguments to rm for it...and there goes your master.passwd.
A good reason for not using `xargs'. However, the cleanup script uses
`find ... -exec rm -f {} \;' which correctly hands the whole filename,
whitespace and all, as its argument to `rm'.
Still haven't seen anything that would indicate a security issue
as yet.
--
Jonathan Chen e-mail : jonc@pinnacle.co.nz
Pinnacle Software Ltd Voice : +64.9.415.4460
Auckland, New Zealand Fax : +64.9.415.4250
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SGI.3.95.970815091813.2384A-100000>