From owner-freebsd-security  Wed May 22 02:26:43 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id CAA05235
          for security-outgoing; Wed, 22 May 1996 02:26:43 -0700 (PDT)
Received: from nil.fnet.fr (nil.fnet.fr [193.104.112.66])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id CAA05203
          for <freebsd-security@freebsd.org>; Wed, 22 May 1996 02:26:24 -0700 (PDT)
Received: from nil.fnet.fr (localhost.fnet.fr [127.0.0.1]) by nil.fnet.fr (8.7.5/8.7.3) with ESMTP id LAA00905; Wed, 22 May 1996 11:24:56 +0100 (METDST)
Message-Id: <199605221024.LAA00905@nil.fnet.fr>
To: "Rodney W. Grimes" <rgrimes@GndRsh.aac.dev.com>
cc: freebsd-security@freebsd.org
Subject: Re: [linux-security] Things NOT to put in root's crontab (fwd) 
In-reply-to: Your message of "Tue, 21 May 1996 23:53:40 METDST."
             <199605220653.XAA13950@GndRsh.aac.dev.com> 
X-MAILER: MH 6.8.3
Date: Wed, 22 May 1996 11:24:56 +0100
From: Luc Beurton <beurton@fnet.fr>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


#> 
#> On Tue, 21 May 1996, Tom Samplonius wrote:
#> 
#> > 
#> > On Tue, 21 May 1996, Chris J. Layne wrote:
#> > 
#> > > I think this applies to our cleanup of /tmp in /etc/rc
#> > 
#> >   I think it doesn't.
#> > 
#> >   Our rm removes links, not files pointed to by links.  So:
#> > 
#> > cd /tmp
#> > ln -s /etc/passwd thing
#> > rm thing
#> > 
#> > will remove the link, not /etc/passwd.
#> 
#>   I don't know what I was thinking when I wrote that:
#> 
#> cd /tmp
#> ln -s /etc b
#> rm b/passwd
#> 
#> will remove /etc/passwd.
#> 
#>   However, I don't believe that this method can exploited with 
#> the standard /etc/rc because we use "rm -rf".  I don't find should be 
#> doing a depth-first traversal in this case.
#
#/etc/rc is not the problem, /etc/*ly is:
#SkyRsh# grep exec /etc/*ly
#/etc/daily:     find . ! -name . -mtime +7 -exec rm -f -- {} \; ; }
#                                           ^^^^^^^^^^^
#/etc/daily:     find . ! -name . -mtime +7 -exec rm -f -- {} \; ; }
#                                           ^^^^^^^^^^^
#/etc/daily:#            -a -atime +3 -exec rm -f -- {} \;
#                                     ^^^^^^^^^^^
#/etc/weekly:PATH=/bin:/sbin:/usr/sbin:/usr/bin:/usr/libexec
#/etc/weekly:#find /usr/src -name '*.o' -atime +21 -print -a -exec rm -f {} \;
#                                                             ^^^^^^^^^^^
#/etc/weekly:echo /usr/libexec/locate.updatedb | nice -5 su -m nobody 2>&1 |\

'-exec rm -f' is not a probleme because:
only /var/tmp/etc (the symbolic link) will be removed

I think ,the real probleme is to use the flags `-r' because rm follow the symbolic link.

Luc.

#> 
#>   I'll get sleep before I comment more.
#> 
#> Tom
#> 
#
#
#-- 
#Rod Grimes                                      rgrimes@gndrsh.aac.dev.com
#Accurate Automation Company                 Reliable computers for FreeBSD