Date: Tue, 12 Aug 1997 23:33:41 -0700 (PDT) From: Julian Elischer <julian@whistle.com> To: John-David Childs <jdc@denver.net> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Please explain why this is a security hole in /etc/daily Message-ID: <Pine.BSF.3.95.970812233135.15863B-100000@current1.whistle.com> In-Reply-To: <19970812232708.44622@denver.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 12 Aug 1997, John-David Childs wrote:
> On Tuesday August 1997, Julian Elischer <julian@whistle.com>
> had this to say about "Re: Please explain why this is a security hole
> in /etc/daily":
>
> > John-David Childs wrote:
> > >
> > > happens next if the "action" is "rm -f {} \;" :=)
> >
> > the symlink gets deleted?
>
> The file pointed to by the symlink (/etc/master.passwd) gets deleted.
last time I looked, neither find nor rm traversed symlinks.
you need to make a DIRECTORY for this to work, not a file
as you gave in your example..
julian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.970812233135.15863B-100000>