Date: Mon, 11 Aug 1997 22:38:09 +0200 (CEST)
From: Andre Albsmeier <Andre.Albsmeier@mchp.siemens.de>
To: freebsd-questions@freebsd.org
Subject: Please explain why this is a security hole in /etc/daily
Message-ID: <199708112038.WAA19822@curry.mchp.siemens.de>
Hi,

using 2.2-STABLE we find the following in /etc/daily:

    # This is a security hole, never use 'find' on a public directory
    # with -exec rm -f as root. This can be exploited to delete any file
    # on the system.
    #
    #find / \( ! -fstype local -o -fstype rdonly \) -a -prune -o \
    # \( -name '[#,]*' -o -name '.#*' -o -name a.out -o -name '*.core' \
    # -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \
    # -a -atime +3 -exec rm -f -- {} \;
    #
    #
    # The same security hole. Purge the temp directories from unused stuff.
    # Note that we must not accidentally clean the X11 lock files.
    #
    # Use at your own risk, but for a long-living system, this might come
    # more useful than the boot-time cleaning of /tmp. If /var/tmp and
    # /tmp are symlinked together, only one of the below will actually
    # run.

Please tell me, why this is so, and how I could clean /tmp securely
since this is no longer done at startup. I have experimented a bit with
find and symlinks but didn't find anything unsecure :-)

Thanks very much,

-Andre
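
Added example (not part of the original message or of FreeBSD's /etc/daily): the quoted find command hands rm a full pathname that rm resolves again as root, and in a world-writable directory a path component can change between find's check and rm's unlink. The Python code below avoids the second resolution by opening each directory with O_NOFOLLOW and unlinking single names relative to that descriptor. The three-day cutoff approximates -atime +3, and the tree it runs on is constructed in a temporary directory, not the real /tmp.

```python
import os
import stat
import tempfile
import time

DIR_FLAGS = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW

def purge(dir_fd, cutoff):
    """Unlink regular files under dir_fd last accessed before cutoff; return the count."""
    removed = 0
    for name in os.listdir(dir_fd):
        try:
            st = os.stat(name, dir_fd=dir_fd, follow_symlinks=False)
            if stat.S_ISDIR(st.st_mode):
                # O_NOFOLLOW makes this fail if the name became a symlink after the stat.
                sub = os.open(name, DIR_FLAGS, dir_fd=dir_fd)
                try:
                    removed += purge(sub, cutoff)
                finally:
                    os.close(sub)
            elif stat.S_ISREG(st.st_mode) and st.st_atime < cutoff:
                # Single-component name resolved inside dir_fd; no path is re-walked.
                os.unlink(name, dir_fd=dir_fd)
                removed += 1
        except OSError:
            continue  # entry vanished or changed type during the scan: skip it
    return removed

def demo():
    """Constructed tree: tmp/old.core, tmp/sub/old.core, tmp/trap -> victim/, victim/old.core."""
    with tempfile.TemporaryDirectory() as root:
        tmp, victim = os.path.join(root, "tmp"), os.path.join(root, "victim")
        os.makedirs(os.path.join(tmp, "sub"))
        os.mkdir(victim)
        old = time.time() - 4 * 86400  # four days ago
        for d in (tmp, os.path.join(tmp, "sub"), victim):
            path = os.path.join(d, "old.core")
            open(path, "w").close()
            os.utime(path, (old, old))
        os.symlink(victim, os.path.join(tmp, "trap"))  # symlink pointing outside tmp
        fd = os.open(tmp, DIR_FLAGS)
        try:
            removed = purge(fd, time.time() - 3 * 86400)
        finally:
            os.close(fd)
        return removed, os.path.exists(os.path.join(victim, "old.core")), sorted(os.listdir(tmp))
```

demo() returns the number of files removed, whether the file behind the symlink survived, and what is left in the cleaned directory.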
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199708112038.WAA19822>