From owner-freebsd-questions  Wed Aug 13 14:52:49 1997
Return-Path: <owner-freebsd-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id OAA00921
          for questions-outgoing; Wed, 13 Aug 1997 14:52:49 -0700 (PDT)
Received: from iconz.co.nz (iconz.co.nz [202.14.100.2])
          by hub.freebsd.org (8.8.5/8.8.5) with SMTP id OAA00889
          for <freebsd-questions@FreeBSD.ORG>; Wed, 13 Aug 1997 14:52:42 -0700 (PDT)
Received: from news.iconz.co.nz (status.gen.nz [202.14.100.1]) by iconz.co.nz (8.6.12/8.6.10) with ESMTP id JAA06277; Thu, 14 Aug 1997 09:52:24 +1200
Received: (from uucp@localhost)
          by news.iconz.co.nz (8.8.5/8.8.5) with UUCP
	  id JAA14135; Thu, 14 Aug 1997 09:52:22 +1200
Received: from tui.pinnacle.co.nz (tui.pinnacle.co.nz [202.37.163.3])
	by kakapo.pinnacle.co.nz (8.8.7/8.8.7) with ESMTP id JAA03217;
	Thu, 14 Aug 1997 09:45:35 +1200 (NZST)
Received: from localhost (jonc@localhost)
	by tui.pinnacle.co.nz (8.8.7/8.8.7) with SMTP id JAA10085;
	Thu, 14 Aug 1997 09:45:19 +1200 (NZST)
X-Authentication-Warning: tui.pinnacle.co.nz: jonc owned process doing -bs
Date: Thu, 14 Aug 1997 09:45:14 +1200 (NZST)
From: Jonathan Chen <jonc@pinnacle.co.nz>
Reply-To: Jonathan Chen <jonc@pinnacle.co.nz>
To: John-David Childs <jdc@denver.net>
cc: Julian Elischer <julian@whistle.com>, freebsd-questions@FreeBSD.ORG
Subject: Re: Please explain why this is a security hole in /etc/daily
In-Reply-To: <19970812232708.44622@denver.net>
Message-ID: <Pine.SGI.3.95.970814093912.10046A-100000@tui.pinnacle.co.nz>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Tue, 12 Aug 1997, John-David Childs wrote:

> On Tuesday August 1997, Julian Elischer <julian@whistle.com>
>  had this to say about "Re: Please explain why this is a security hole 
>  in /etc/daily":
> 
> > John-David Childs wrote:
> > > 
> > > happens next if the "action" is "rm -f {} \;"    :=)
> > 
> > the symlink gets deleted?
> 
> The file pointed to by the symlink (/etc/master.passwd) gets deleted.

The security problem John-David describes is only true if you've got a
symlink that points to a directory *AND* the `find' has a -follow.
Otherwise only the symlink gets deleted (as Julian describes).
--
Jonathan Chen                          e-mail : jonc@pinnacle.co.nz
  Pinnacle Software Ltd                Voice  : +64.9.415.4460
  Auckland, New Zealand                Fax    : +64.9.415.4250