Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 08 Aug 2000 23:56:12 +0100
From:      Brian Somers <brian@Awfulhak.org>
To:        Kris Kennaway <kris@FreeBSD.org>
Cc:        Brian Somers <brian@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, brian@Awfulhak.org
Subject:   Re: cvs commit: src/etc rc 
Message-ID:  <200008082256.XAA03062@hak.lan.Awfulhak.org>
In-Reply-To: Message from Kris Kennaway <kris@FreeBSD.org>  of "Tue, 08 Aug 2000 15:24:52 PDT." <Pine.BSF.4.21.0008081521460.95705-100000@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

> On Tue, 8 Aug 2000, Brian Somers wrote:
> 
> > brian       2000/08/08 06:30:28 PDT
> > 
> >   Modified files:
> >     etc                  rc 
> >   Log:
> >   Don't use find(1) before nfs filesystems have been mounted as
> >   it lives in /usr/bin.  Instead, locate files manually.
> >   
> >   Note, only *files* under /var/spool/lock are now deleted rather
> >   than everything that's not a directory.  I think this is more
> >   correct, but if anyone disagrees please feel free to change it.
> 
> This is vulnerable to filenames with spaces in them and the like. Granted,
> the directory is not world-writable, but we've had several "group dialer"
> or "user uucp" exploits in ports.
> 
> morden# ls -ld /var/spool/lock
> drwxrwxr-x  2 uucp  dialer  512 Aug  8 14:26 /var/spool/lock

How is it vulnerable to files with spaces ?  I have specifically 
tested this with filenames containing embedded spaces and ^Hs and the 
like.

The only vulnerability I'm aware of is the time difference between 
identifying it as a file and removing it, and that's not an issue as 
there are not yet any users.

> Kris
> 
> --
> In God we Trust -- all others must submit an X.509 certificate.
>     -- Charles Forsythe <forsythe@alum.mit.edu>

-- 
Brian <brian@Awfulhak.org>                        <brian@[uk.]FreeBSD.org>
      <http://www.Awfulhak.org>;                   <brian@[uk.]OpenBSD.org>
Don't _EVER_ lose your sense of humour !




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200008082256.XAA03062>