[742] in linux-security and linux-alert archive
Re: More find -exec rm dangers was: Re: BoS: Re: [linux-security]
daemon@ATHENA.MIT.EDU (Igor Chudov @ home)
Sat Jun 1 21:14:38 1996
To: jpp@software.net (John Pettitt)
Date: Thu, 30 May 1996 23:50:10 -0500 (CDT)
Cc: whitis@dbd.com, zblaxell@myrus.com, linux-security@tarsier.cv.nrao.edu,
best-of-security@suburbia.net
Reply-To: ichudov@algebra.com (Igor Chudov)
In-Reply-To: <2.2.32.19960524180112.00c0a8c0@mail.software.net> from "John Pettitt" at May 24, 96 11:01:12 am
From: ichudov@algebra.com (Igor Chudov @ home)
John Pettitt wrote:
> >On Tue, 21 May 1996, Zygo Blaxell wrote:
> >> >From Redhat's /etc/crontab file:
> >> ># Remove /var/tmp files not accessed in 10 days
> >> >43 02 * * * root find /var/tmp/* -atime +3 -exec rm -f {} \; 2> /dev/null
>
> Find (at least the linux source I have) uses execvp to run commands, since
> execvp follows the PATH environment to find the target program, since
> *many* people still have a '.' in a root path (silly but true) find can be
> fooled into running arbitrary programs by leaving a program called 'rm' in
> the right place.
>
> At the very least the -exec should be /bin/rm
FYI, find is called from the cron daemon, which sets a predefined
PATH for all programs that it executes. Therefore, your comment
does not apply to cron jobs.
- Igor.
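As an added example that is not part of this thread: a small POSIX sh audit for the two points discussed above, a PATH that contains '.' (or an empty entry, which also means the current directory) and crontab `find -exec` entries that name the program without an absolute path. The crontab text is constructed for the example and the function names are my own.

```shell
#!/bin/sh
# Added example, not code from the thread. Two defender-side checks:
#   path_has_dot      - does a PATH string include '.' or an empty entry?
#   relative_exec_cmds - which -exec/-execdir/-ok commands in a crontab are
#                        not given as absolute paths (e.g. "rm" vs "/bin/rm")?

# path_has_dot PATHSTRING -> exit 0 if the PATH resolves commands from the
# current directory. Wrapping in ':' makes first/last entries match too.
path_has_dot() {
    case ":$1:" in
        *:.:*|*::*) return 0 ;;
        *)          return 1 ;;
    esac
}

# relative_exec_cmds < crontab-text
# Prints "LINENO:COMMAND" for every -exec, -execdir or -ok whose command
# does not start with '/'. Prints nothing when all are absolute.
relative_exec_cmds() {
    awk '
        /^[[:space:]]*#/ { next }      # skip comment lines
        /^[[:space:]]*$/ { next }      # skip blank lines
        {
            for (i = 1; i < NF; i++) {
                if ($i == "-exec" || $i == "-execdir" || $i == "-ok") {
                    cmd = $(i + 1)
                    if (substr(cmd, 1, 1) != "/")
                        print NR ":" cmd
                }
            }
        }'
}

# Constructed sample crontab: line 2 mirrors the Red Hat entry quoted above,
# line 3 is the same job with the absolute /bin/rm suggested in the thread.
SAMPLE_CRONTAB='# Remove /var/tmp files not accessed in 10 days
43 02 * * * root find /var/tmp/* -atime +3 -exec rm -f {} \; 2> /dev/null
44 02 * * * root find /tmp -atime +3 -exec /bin/rm -f {} \; 2> /dev/null'

# Stand-alone run: report findings for the sample crontab and a sample PATH.
printf '%s\n' "$SAMPLE_CRONTAB" | relative_exec_cmds
if path_has_dot "/usr/sbin:/usr/bin:/sbin:/bin:."; then
    echo "PATH contains the current directory"
fi
```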