[2287] in linux-security and linux-alert archive
[linux-security] Re: Programming ...
daemon@ATHENA.MIT.EDU (Glynn Clements)
Wed Dec 1 04:07:49 1999
From: Glynn Clements <glynn@sensei.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14404.30024.249000.591863@glynn.ingames.com>
Date: Wed, 1 Dec 1999 02:09:25 +0100 (GMT--1:00)
To: hgtaesml@umail.furryterror.org (Zygo Blaxell)
Cc: <linux-security@redhat.com>
In-Reply-To: <slrn847rok.dhq.zblaxell@washu.furryterror.org>
Resent-From: linux-security@redhat.com
Zygo Blaxell wrote:
> Deleting files in /tmp (or a user's home directory, for that matter)
> is not a trivial operation from a security point of view. You can't
> safely use "find" and "xargs"--or even "rm -rf"--unless you can guarantee
> that no users have write access to the directory tree in question
> (e.g. because the system is in single-user mode).
One of the linux-admin subscribers had a neat alternative for /tmp
cleaning, which I couldn't see any problems with. This involved
creating a statically-linked "rm" binary, and then doing e.g.

    cp ~/static-rm ~/rm     # installing the "rm" binary needs to be
    mv -f ~/rm /tmp/rm      # safe against symlink games
    cd /tmp
    chroot /tmp /rm -rf .

--
Glynn Clements <glynn@sensei.co.uk>
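
The point of the chroot in the message above is that no name the deleting process resolves can lead outside /tmp. As an added example (not code from this thread or its authors), the Python below gets comparable containment by a different technique: every name is resolved relative to an open directory descriptor, and subdirectories are opened with O_NOFOLLOW, so a symlink is only ever unlinked, never followed. clean_tree, demo and DIR_FLAGS are hypothetical names, and the directory tree is constructed for the demonstration.

```python
import os
import stat
import tempfile

DIR_FLAGS = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW

def clean_tree(dir_fd):
    """Delete everything below dir_fd without following any symlink."""
    removed = 0
    for name in os.listdir(dir_fd):
        try:
            st = os.stat(name, dir_fd=dir_fd, follow_symlinks=False)  # lstat
            if stat.S_ISDIR(st.st_mode):
                # If the directory was swapped for a symlink after the lstat,
                # O_NOFOLLOW makes this open fail instead of leaving the tree.
                sub = os.open(name, DIR_FLAGS, dir_fd=dir_fd)
                try:
                    removed += clean_tree(sub)
                finally:
                    os.close(sub)
                os.rmdir(name, dir_fd=dir_fd)
            else:
                os.unlink(name, dir_fd=dir_fd)  # removes a link itself, not its target
        except OSError:
            continue  # entry changed under us; leave it for the next run
        removed += 1
    return removed

def demo():
    """Constructed tree: a symlink inside it points at a directory outside it."""
    with tempfile.TemporaryDirectory() as base:
        outside = os.path.join(base, "outside")
        tmp = os.path.join(base, "tmp")  # stands in for /tmp
        os.makedirs(os.path.join(tmp, "a", "b"))
        os.mkdir(outside)
        victim = os.path.join(outside, "keep.txt")
        open(victim, "w").close()
        open(os.path.join(tmp, "a", "b", "junk"), "w").close()
        os.symlink(outside, os.path.join(tmp, "a", "trap"))
        fd = os.open(tmp, DIR_FLAGS)
        try:
            removed = clean_tree(fd)
        finally:
            os.close(fd)
        return removed, os.listdir(tmp), os.path.exists(victim)

if __name__ == "__main__":
    print(demo())
```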