Date: Tue, 12 Aug 1997 23:27:08 -0600 From: John-David Childs <jdc@denver.net> To: Julian Elischer <julian@whistle.com> Cc: freebsd-questions@freebsd.org Subject: Re: Please explain why this is a security hole in /etc/daily Message-ID: <19970812232708.44622@denver.net> In-Reply-To: <33F12CB1.446B9B3D@whistle.com>; from Julian Elischer on Tue, Aug 12, 1997 at 08:40:33PM -0700 References: <199708112038.WAA19822@curry.mchp.siemens.de> <19970812211715.37172@denver.net> <33F12CB1.446B9B3D@whistle.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday August 1997, Julian Elischer <julian@whistle.com>
had this to say about "Re: Please explain why this is a security hole
in /etc/daily":
> John-David Childs wrote:
> >
> > happens next if the "action" is "rm -f {} \;" :=)
>
> the symlink gets deleted?
The file pointed to by the symlink (/etc/master.passwd) gets deleted.
>From a posting to BUGTRAQ (and linux-security) last year by Zygo Blaxell:
>Folks, do NOT use 'find' on a public directory with '-exec rm -f' as
> root. Period. Ever. Delete it from your crontab *now* and finish
> reading the rest of this message later.
> * PROBLEM DISCUSSION AND EXPLOITATION
> The immediate security problem is that 'rm' doesn't check that
> components of the directory name are not symlinks. This means that you
> can delete any file on the system; indeed, with a little work you can
> delete *every* file on the system, provided that you can determine the
> file names (though you might be limited to deleting files more than ten
I'll dig up the full article/thread if I have time tomorrow (or you can
search the BUGTRAQ archives...).
--
John-David Childs (JC612) Enterprise Internet Solutions
System Administrator @denver.net/Internet-Coach/@ronan.net
& Network Engineer 901 E 17th Ave, Denver 80218
As of this^H^H^H^H next week, passwords will be entered in Morse code.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970812232708.44622>