From owner-freebsd-security Tue May 21 23:54:12 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id XAA22659 for security-outgoing; Tue, 21 May 1996 23:54:12 -0700 (PDT)
Received: from GndRsh.aac.dev.com (GndRsh.aac.dev.com [198.145.92.241]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id XAA22653 for ; Tue, 21 May 1996 23:54:09 -0700 (PDT)
Received: (from rgrimes@localhost) by GndRsh.aac.dev.com (8.6.12/8.6.12) id XAA13950; Tue, 21 May 1996 23:53:40 -0700
From: "Rodney W. Grimes"
Message-Id: <199605220653.XAA13950@GndRsh.aac.dev.com>
Subject: Re: [linux-security] Things NOT to put in root's crontab (fwd)
To: tom@uniserve.com (Tom Samplonius)
Date: Tue, 21 May 1996 23:53:40 -0700 (PDT)
Cc: coredump@nervosa.com, freebsd-security@FreeBSD.ORG
In-Reply-To: from Tom Samplonius at "May 21, 96 09:20:22 pm"
X-Mailer: ELM [version 2.4ME+ PL11 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

>
> On Tue, 21 May 1996, Tom Samplonius wrote:
>
> >
> > On Tue, 21 May 1996, Chris J. Layne wrote:
> >
> > > I think this applies to our cleanup of /tmp in /etc/rc
> >
> > I think it doesn't.
> >
> > Our rm removes links, not files pointed to by links. So:
> >
> > cd /tmp
> > ln -s /etc/passwd thing
> > rm thing
> >
> > will remove the link, not /etc/passwd.
>
> I don't know what I was thinking when I wrote that:
>
> cd /tmp
> ln -s /etc b
> rm b/passwd
>
> will remove /etc/passwd.
>
> However, I don't believe that this method can be exploited with
> the standard /etc/rc because we use "rm -rf". I don't find should be
> doing a depth-first traversal in this case.

/etc/rc is not the problem, /etc/*ly is:

SkyRsh# grep exec /etc/*ly
/etc/daily: find . ! -name . -mtime +7 -exec rm -f -- {} \; ; }
                                       ^^^^^^^^^^^
/etc/daily: find . ! -name . -mtime +7 -exec rm -f -- {} \; ; }
                                       ^^^^^^^^^^^
/etc/daily:# -a -atime +3 -exec rm -f -- {} \;
                          ^^^^^^^^^^^
/etc/weekly:PATH=/bin:/sbin:/usr/sbin:/usr/bin:/usr/libexec
/etc/weekly:#find /usr/src -name '*.o' -atime +21 -print -a -exec rm -f {} \;
                                                            ^^^^^^^^^^^
/etc/weekly:echo /usr/libexec/locate.updatedb | nice -5 su -m nobody 2>&1 |\

>
> I'll get sleep before I comment more.
>
> Tom
>

--
Rod Grimes                          rgrimes@gndrsh.aac.dev.com
Accurate Automation Company         Reliable computers for FreeBSD
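
The following is an added example, not part of the original message and not FreeBSD's own code. In a constructed sandbox under /tmp, it contrasts the path-based removal discussed in the thread (`rm b/passwd` where `b` is a symlink) with removal relative to a directory descriptor opened with O_NOFOLLOW. The function names, the `symdemo` directory and the stand-in `etc/passwd` file are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Path-based removal, as "cd /tmp; rm -f b/passwd" does: the kernel follows
   a symlink found in the directory component "b". */
static int rm_by_path(int tmpfd, const char *path) { return unlinkat(tmpfd, path, 0); }

/* Hardened: refuse to enter "dir" if it is a symlink, then unlink relative
   to the directory descriptor that was actually opened. */
static int rm_nofollow(int tmpfd, const char *dir, const char *name) {
    int dfd = openat(tmpfd, dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd < 0) return -1;                  /* "dir" is a symlink or missing */
    int r = unlinkat(dfd, name, 0);
    close(dfd);
    return r;
}

/* Constructed sandbox: <root>/etc/passwd is a stand-in file and
   <root>/tmp/b -> ../etc. Returns 1 if the stand-in survives the cleanup. */
static int victim_survives(int hardened) {
    char root[] = "/tmp/symdemoXXXXXX";
    struct stat st;
    if (!mkdtemp(root)) return -1;
    int rootfd = open(root, O_RDONLY | O_DIRECTORY);
    mkdirat(rootfd, "etc", 0700);
    mkdirat(rootfd, "tmp", 0700);
    close(openat(rootfd, "etc/passwd", O_CREAT | O_WRONLY, 0600));
    symlinkat("../etc", rootfd, "tmp/b");
    int tmpfd = openat(rootfd, "tmp", O_RDONLY | O_DIRECTORY);
    if (hardened) rm_nofollow(tmpfd, "b", "passwd");
    else rm_by_path(tmpfd, "b/passwd");
    int alive = fstatat(rootfd, "etc/passwd", &st, 0) == 0;
    unlinkat(rootfd, "etc/passwd", 0);       /* tear the sandbox down */
    unlinkat(rootfd, "tmp/b", 0);
    unlinkat(rootfd, "tmp", AT_REMOVEDIR);
    unlinkat(rootfd, "etc", AT_REMOVEDIR);
    close(tmpfd); close(rootfd);
    rmdir(root);
    return alive;
}

int main(void) {
    printf("path-based rm:  stand-in survives = %d\n", victim_survives(0));
    printf("fd-relative rm: stand-in survives = %d\n", victim_survives(1));
}
```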