Date:      Mon, 20 Jul 2015 11:40:36 +0200
From:      Polytropon <freebsd@edvax.de>
To:        Scott Bennett <bennett@sdf.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: limiting find(1) in /etc/periodic scripts
Message-ID:  <20150720114036.b83e5116.freebsd@edvax.de>
In-Reply-To: <201507200910.t6K9A9J6007857@sdf.org>
References:  <201507200910.t6K9A9J6007857@sdf.org>

On Mon, 20 Jul 2015 04:10:09 -0500, Scott Bennett wrote:
>      What is the best way to keep find(1) in the various /etc/periodic
> scripts from descending into certain directories?

If I remember correctly, find will only descend into directories
that have the o+rx attribute (readable by everyone). If you do
not want a subtree to be searched, make sure it's +rx for the
owner and +rx for the group, as well as +w where needed, usually
+rwx for the user. A typical setting then is drwxr-x--- for such
directories.

There is another problem:

Directories such as /root should not be searched. The problem
is that there will be an additional information leak, like

	$ locate system_secrets
	/root/system_secrets.txt

And if "descriptive" file names (including names, locations,
ID numbers, etc.) are involved, well...



-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
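
Added example, not part of the original message: a shell sketch that lists the names a tree walker limited to the "other" permission bits could collect, which is the case the reply describes for a drwxr-x--- directory and the kind of name that shows up in the locate output above. The function names and the demo tree are constructed for illustration; it assumes the walker is neither the owner nor in the group, and it ignores ACLs and the permissions of directories above the starting point.

```shell
#!/bin/sh
# Added example; function names and the demo tree are hypothetical.

# world_visible_names ROOT
# Print every path under ROOT whose name is reachable using only the
# "other" permission bits. A directory lacking o+r or o+x is still printed
# (its name is visible in the parent's listing) but is pruned, because its
# contents cannot be listed by such a user.
world_visible_names() {
    find "$1" -type d ! -perm -005 -print -prune -o -print
}

# name_is_exposed ROOT PATH
# Succeed if PATH is among the names reachable under ROOT.
name_is_exposed() {
    world_visible_names "$1" | grep -qxF -- "$2"
}

# Build a constructed sample tree and show what is reachable in it.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/pub" "$tmp/private/nested"
    : > "$tmp/pub/readme.txt"
    : > "$tmp/private/system_secrets.txt"
    : > "$tmp/private/nested/deep.txt"
    chmod 755 "$tmp" "$tmp/pub" "$tmp/private/nested"
    chmod 750 "$tmp/private"          # drwxr-x---, as in the reply
    world_visible_names "$tmp" | sed "s|^$tmp|.|"
    rm -rf "$tmp"
}

demo
```

Running the same function against a real tree before the weekly locate rebuild shows which file names would be exposed to every local user through the database.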


