From owner-freebsd-security  Tue May 21 21:17:07 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id VAA09263
          for security-outgoing; Tue, 21 May 1996 21:17:07 -0700 (PDT)
Received: from haven.uniserve.com (haven.uniserve.com [198.53.215.121])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id VAA09256
          for <freebsd-security@FreeBSD.ORG>; Tue, 21 May 1996 21:17:03 -0700 (PDT)
Received: by haven.uniserve.com id <30780-15629>; Tue, 21 May 1996 21:20:23 -0800
Date: 	Tue, 21 May 1996 21:20:22 -0700 (PDT)
From: Tom Samplonius <tom@uniserve.com>
To: "Chris J. Layne" <coredump@nervosa.com>, freebsd-security@FreeBSD.ORG
Subject: Re: [linux-security] Things NOT to put in root's crontab (fwd)
In-Reply-To: <Pine.BSF.3.91.960521203607.17971A-100000@haven.uniserve.com>
Message-ID: <Pine.BSF.3.91.960521210454.17971B-100000@haven.uniserve.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk


On Tue, 21 May 1996, Tom Samplonius wrote:

> 
> On Tue, 21 May 1996, Chris J. Layne wrote:
> 
> > I think this applies to our cleanup of /tmp in /etc/rc
> 
>   I think it doesn't.
> 
>   Our rm removes links, not files pointed to by links.  So:
> 
> cd /tmp
> ln -s /etc/passwd thing
> rm thing
> 
> will remove the link, not /etc/passwd.

  I don't know what I was thinking when I wrote that:

cd /tmp
ln -s /etc b
rm b/passwd

will remove /etc/passwd.

  However, I don't believe that this method can exploited with 
the standard /etc/rc because we use "rm -rf".  I don't find should be 
doing a depth-first traversal in this case.

  I'll get sleep before I comment more.

Tom