From: "David E. Tweten"
Reply-To: "David E. Tweten"
To: freebsd-security@FreeBSD.ORG
Subject: Find, Rm, and Root's Crontab
Date: Sat, 21 Feb 1998 11:13:36 -0800
Message-Id: <199802211913.LAA15953@ns.frihet.com>
X-Mailer: exmh version 2.0.1 12/23/97

I'm being overwhelmed by exmh "#" files, so I investigated why they haven't seemed to go away on another machine since it was upgraded from FreeBSD 1.1.5 (!) to the latest Stable. The answer is a very paranoid-sounding and not very informative set of comment lines in /etc/daily.

My next step was a search of the FreeBSD security e-mail archives. I don't seem to get along well enough with the mail archive search engine to be able to make it show an entire thread. It did find Chris Layne's forward of the original message pointing out that find and rm in /etc/daily constitute a security hole, given the weaknesses of each. The search engine didn't tell me anything about any decision as to what should be done.

The original Linux poster's solution is offensive to me (sings all, dances all, deletes all, and written in Perl). Potential solutions that appeal more to my simpler-is-better sensibilities are: fixing find not to get confused, and writing (in C!) an rm subset look-alike that won't follow symbolic links. A search of the Gnats data base failed to turn up any evidence of a choice having been made.

So, what's the plan? Are we going to do anything beyond distributing /etc/daily with junk file elimination disabled? If so, what? And can I help?

-- 
David E. Tweten          | 2047-bit PGP fingerprint: | tweten@frihet.com
12141 Atrium Drive       | E9 59 E7 5C 6B 88 B8 90   | tweten@and.com
Saratoga, CA 95070-3162  | 65 30 2A A4 A0 BC 49 AE   | (408) 446-4131
Those who make good products sell products; those who don't, sell solutions.
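
One way the "rm subset look-alike that won't follow symbolic links" mentioned in the message could work, as an added example that is not part of the original post or of FreeBSD. The name safe_unlink() is hypothetical, and the code assumes a POSIX.1-2008 system providing openat(), fstatat() and unlinkat().

```c
/* Added example; safe_unlink() is a hypothetical name, not FreeBSD code. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Remove the regular file rel (a relative path) below the trusted directory
 * root. Returns 0 on success, -1 on refusal or failure. */
int safe_unlink(const char *root, const char *rel)
{
    char buf[PATH_MAX], *name, *slash;
    struct stat st;
    int dirfd, next, rc;

    if (rel[0] == '/' || strlen(rel) >= sizeof buf) {
        errno = EINVAL;
        return -1;
    }
    strcpy(buf, rel);
    if ((dirfd = open(root, O_RDONLY | O_DIRECTORY)) < 0)
        return -1;
    /* Descend one component at a time. O_NOFOLLOW makes openat() fail when
     * the component is a symlink, so a swapped-in link is never crossed. */
    for (name = buf; (slash = strchr(name, '/')) != NULL; name = slash + 1) {
        *slash = '\0';
        if (strcmp(name, "..") == 0 ||
            (next = openat(dirfd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW)) < 0) {
            close(dirfd);
            return -1;
        }
        close(dirfd);
        dirfd = next;
    }
    /* The last name is resolved against the directory held open, not by
     * re-walking the path, and only a regular file is ever removed. */
    rc = fstatat(dirfd, name, &st, AT_SYMLINK_NOFOLLOW);
    if (rc == 0 && !S_ISREG(st.st_mode))
        rc = -1;
    if (rc == 0)
        rc = unlinkat(dirfd, name, 0);
    close(dirfd);
    return rc;
}
```

If the final name is swapped for a symlink between the fstatat() and unlinkat() calls, unlinkat() removes the link itself rather than its target, so the file it points to is left alone.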