[740] in linux-security and linux-alert archive


More find -exec rm dangers was: Re: BoS: Re: [linux-security]

daemon@ATHENA.MIT.EDU (John Pettitt)
Thu May 30 12:05:23 1996

Date: Fri, 24 May 1996 11:01:12 -0700
To: Mark Whitis <whitis@dbd.com>, Zygo Blaxell <zblaxell@myrus.com>
From: John Pettitt <jpp@software.net>
Cc: linux-security@tarsier.cv.nrao.edu, best-of-security@suburbia.net

At 12:56 PM 5/24/96 -0400, Mark Whitis wrote:
>On Tue, 21 May 1996, Zygo Blaxell wrote:
>
>> >From Redhat's /etc/crontab file:
>> ># Remove /var/tmp files not accessed in 10 days
>> >43 02 * * * root find /var/tmp/* -atime +3 -exec rm -f {} \; 2> /dev/null
>> >

Find (at least the Linux source I have) uses execvp to run commands. Since
execvp follows the PATH environment variable to find the target program, and
since *many* people still have a '.' in root's path (silly but true), find can
be fooled into running arbitrary programs by leaving a program called 'rm' in
the right place.

At the very least, the -exec should be /bin/rm.

John Pettitt, jpp@software.net
EVP, CyberSource Corporation, 415 473 3065

PGP Key available at:
http://www-swiss.ai.mit.edu/htbin/pks-extract-key.pl?op=get&search=0xB7AA3705
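The following script is an added demonstration of the mechanism described in the mail above; it is not part of the original posting or of Red Hat's crontab. It builds a throwaway directory tree (the names $WORK, victim/, planted/ and hijack.log are made up for the example), drops a harmless "rm" that only logs its invocation, and then runs the same kind of find command twice: once with a bare "rm" and "." at the front of PATH, once with the absolute /bin/rm the mail recommends. GNU find's -exec runs the command through execvp() from find's starting directory, so the first run executes the planted file and the stale file survives; the second run deletes it.

```shell
#!/bin/sh
# Added example, not from the original mail.  Reproduces: find -exec rm
# resolves "rm" along PATH, so "." in PATH lets a planted ./rm run.
# $WORK, victim/, planted/ and hijack.log are names invented for this demo.

set -u

# Build the scratch layout and print its path:
#   $WORK/victim/stale.tmp   the file the cron job is supposed to delete
#   $WORK/planted/rm         attacker-controlled "rm" that logs and deletes nothing
#   $WORK/hijack.log         receives a line whenever the planted rm runs
setup_scenario() {
    WORK=$(mktemp -d) || return 1
    mkdir -p "$WORK/victim" "$WORK/planted"
    echo stale > "$WORK/victim/stale.tmp"
    : > "$WORK/hijack.log"
    # Unquoted heredoc: $WORK is expanded now, \$0 \$* stay for the fake rm.
    cat > "$WORK/planted/rm" <<EOF
#!/bin/sh
echo "planted rm ran as: \$0 \$*" >> "$WORK/hijack.log"
exit 0
EOF
    chmod 755 "$WORK/planted/rm"
    printf '%s\n' "$WORK"
}

# The unsafe form from the crontab: bare "rm", run from a directory that
# holds a planted rm, with "." first in PATH (as on many root accounts).
# PATH is set only for this find invocation; find's child inherits it.
# Prints "hijacked" if the planted rm ran and the file survived.
run_unsafe() {
    work=$1
    ( cd "$work/planted" &&
      PATH=".:/bin:/usr/bin" find "$work/victim" -type f -exec rm -f {} \; )
    if [ -s "$work/hijack.log" ] && [ -e "$work/victim/stale.tmp" ]; then
        echo hijacked
    else
        echo clean
    fi
}

# The fix suggested in the mail: an absolute path, so PATH is never consulted.
# Same hostile PATH and cwd; prints "clean" if the stale file is really gone
# and the planted rm never ran.
run_fixed() {
    work=$1
    ( cd "$work/planted" &&
      PATH=".:/bin:/usr/bin" find "$work/victim" -type f -exec /bin/rm -f {} \; )
    if [ ! -e "$work/victim/stale.tmp" ] && [ ! -s "$work/hijack.log" ]; then
        echo clean
    else
        echo hijacked
    fi
}

# Remove a scratch tree.  Absolute path on purpose: the whole point is that
# a bare "rm" is whatever PATH says it is.
cleanup_scenario() {
    /bin/rm -rf "$1"
}

# Stand-alone run: show both outcomes side by side.
W=$(setup_scenario); echo "bare rm, '.' in PATH : $(run_unsafe "$W")"; cleanup_scenario "$W"
W=$(setup_scenario); echo "/bin/rm              : $(run_fixed "$W")";  cleanup_scenario "$W"
```

Besides the absolute path, newer GNU findutils offers -delete, which removes the exec entirely, and -execdir, which refuses to run at all while PATH contains a relative entry; plain -exec performs no such check.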
