From owner-freebsd-questions Tue Aug 12 22:16:05 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id WAA22226 for questions-outgoing; Tue, 12 Aug 1997 22:16:05 -0700 (PDT) Received: from milehigh.denver.net (milehigh.denver.net [204.144.180.2]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id WAA22216 for ; Tue, 12 Aug 1997 22:16:02 -0700 (PDT) Received: (from jdc@localhost) by milehigh.denver.net (8.8.5/8.8.5) id XAA09055; Tue, 12 Aug 1997 23:27:09 -0600 (MDT) Message-ID: <19970812232708.44622@denver.net> Date: Tue, 12 Aug 1997 23:27:08 -0600 From: John-David Childs To: Julian Elischer Cc: freebsd-questions@freebsd.org Subject: Re: Please explain why this is a security hole in /etc/daily References: <199708112038.WAA19822@curry.mchp.siemens.de> <19970812211715.37172@denver.net> <33F12CB1.446B9B3D@whistle.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.79 In-Reply-To: <33F12CB1.446B9B3D@whistle.com>; from Julian Elischer on Tue, Aug 12, 1997 at 08:40:33PM -0700 Organization: Enterprise Internet Solutions Sender: owner-freebsd-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Tuesday August 1997, Julian Elischer had this to say about "Re: Please explain why this is a security hole in /etc/daily": > John-David Childs wrote: > > > > happens next if the "action" is "rm -f {} \;" :=) > > the symlink gets deleted? The file pointed to by the symlink (/etc/master.passwd) gets deleted. >From a posting to BUGTRAQ (and linux-security) last year by Zygo Blaxell: >Folks, do NOT use 'find' on a public directory with '-exec rm -f' as > root. Period. Ever. Delete it from your crontab *now* and finish > reading the rest of this message later. > * PROBLEM DISCUSSION AND EXPLOITATION > The immediate security problem is that 'rm' doesn't check that > components of the directory name are not symlinks. This means that you > can delete any file on the system; indeed, with a little work you can > delete *every* file on the system, provided that you can determine the > file names (though you might be limited to deleting files more than ten I'll dig up the full article/thread if I have time tomorrow (or you can search the BUGTRAQ archives...). -- John-David Childs (JC612) Enterprise Internet Solutions System Administrator @denver.net/Internet-Coach/@ronan.net & Network Engineer 901 E 17th Ave, Denver 80218 As of this^H^H^H^H next week, passwords will be entered in Morse code.