From owner-cvs-all Tue Aug 8 16: 0:26 2000 Delivered-To: cvs-all@freebsd.org Received: from Awfulhak.org (tun.AwfulHak.org [194.242.139.173]) by hub.freebsd.org (Postfix) with ESMTP id 9405E37BEE9; Tue, 8 Aug 2000 16:00:16 -0700 (PDT) (envelope-from brian@Awfulhak.org) Received: from hak.lan.Awfulhak.org (root@hak.lan.awfulhak.org [172.16.0.12]) by Awfulhak.org (8.9.3/8.9.3) with ESMTP id XAA76441; Tue, 8 Aug 2000 23:56:20 +0100 (BST) (envelope-from brian@hak.lan.Awfulhak.org) Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1]) by hak.lan.Awfulhak.org (8.9.3/8.9.3) with ESMTP id XAA03062; Tue, 8 Aug 2000 23:56:15 +0100 (BST) (envelope-from brian@hak.lan.Awfulhak.org) Message-Id: <200008082256.XAA03062@hak.lan.Awfulhak.org> X-Mailer: exmh version 2.1.1 10/15/1999 To: Kris Kennaway Cc: Brian Somers , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, brian@Awfulhak.org Subject: Re: cvs commit: src/etc rc In-Reply-To: Message from Kris Kennaway of "Tue, 08 Aug 2000 15:24:52 PDT." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 08 Aug 2000 23:56:12 +0100 From: Brian Somers Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > On Tue, 8 Aug 2000, Brian Somers wrote: > > > brian 2000/08/08 06:30:28 PDT > > > > Modified files: > > etc rc > > Log: > > Don't use find(1) before nfs filesystems have been mounted as > > it lives in /usr/bin. Instead, locate files manually. > > > > Note, only *files* under /var/spool/lock are now deleted rather > > than everything that's not a directory. I think this is more > > correct, but if anyone disagrees please feel free to change it. > > This is vulnerable to filenames with spaces in them and the like. Granted, > the directory is not world-writable, but we've had several "group dialer" > or "user uucp" exploits in ports. > > morden# ls -ld /var/spool/lock > drwxrwxr-x 2 uucp dialer 512 Aug 8 14:26 /var/spool/lock How is it vulnerable to files with spaces ? I have specifically tested this with filenames containing embedded spaces and ^Hs and the like. The only vulnerability I'm aware of is the time difference between identifying it as a file and removing it, and that's not an issue as there are not yet any users. > Kris > > -- > In God we Trust -- all others must submit an X.509 certificate. > -- Charles Forsythe -- Brian Don't _EVER_ lose your sense of humour ! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message