[14750] in bugtraq


Re: aaa_base still vulnerable after upgrade

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@VT.EDU)
Tue May 2 18:33:30 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id:  <200005011406.e41E6Kh36396@black-ice.cc.vt.edu>
Date:         Mon, 1 May 2000 10:06:19 -0400
Reply-To: Valdis.Kletnieks@VT.EDU
From: Valdis.Kletnieks@VT.EDU
X-To:         Matthias Andree <ma@DT.E-TECHNIK.UNI-DORTMUND.DE>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  Your message of "Sat, 29 Apr 2000 23:08:42 +0200." 
              <m3itx07gyt.fsf@emma1.emma.line.org>

On Sat, 29 Apr 2000 23:08:42 +0200, Matthias Andree <ma@DT.E-TECHNIK.UNI-DORTMUND.DE>  said:
> marc@suse.de (Marc Heuse) writes:
> There is no point in discussing this. One simply does not code rm -f
> $DEL_FILE, but rm -f "$DEL_FILE", or better, not even mess with so much
> scripts if a simple find will do (see the announcement).

Note that "simple find" will *still* have problems doing it correctly and
securely.  There was a whole thread about this back in the '95-'96 timeframe
about 'find <whatever> | xargs rm' being insecure, which led to a discussion
of using 'find <whatever> -exec rm' which was STILL insecure.

> > > touch "/tmp/x /etc/rc.config"
> >
> > btw have you ever tried out this command? It won't work. A filename is not
> > allowed to have a slash in its name ...
>
> That's correct, I missed that (fails with 'no such file or directory'
> since there is no "/tmp/x " directory here). Still, you can delete

Try this:

mkdir -p "/tmp/x /etc/"
touch "/tmp/x /etc/rc.config"

The problem is you can't 'touch /A/B/C/D' if /A/B/C and/or /A/B don't exist
yet.

--
				Valdis Kletnieks
				Operating Systems Analyst
				Virginia Tech
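
The following is an added example, not part of the original message or of the aaa_base scripts: it replays the mkdir/touch case above inside a throwaway mktemp sandbox and compares `rm -f $DEL_FILE`, `find | xargs rm`, and `rm -f "$DEL_FILE"`. The relative paths and the function names are assumptions made for the demo; the `find -exec` problem mentioned in the message is not covered here.

```shell
#!/bin/sh
# Constructed demo. All paths are relative to a sandbox from mktemp -d;
# etc/rc.config stands in for /etc/rc.config.

# Sandbox with a file that must survive (etc/rc.config) and a decoy whose
# path contains a space: tmp/"x etc"/rc.config, built like the mail's
# mkdir -p / touch pair.
make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir -p "$sb/etc" "$sb/tmp/x etc"
    echo "important" > "$sb/etc/rc.config"
    : > "$sb/tmp/x etc/rc.config"
    printf '%s\n' "$sb"
}

# Weak: the unquoted expansion is split on whitespace, so rm receives the
# two arguments "tmp/x" and "etc/rc.config".
cleanup_unquoted() {
    ( cd "$1" && DEL_FILE="tmp/x etc/rc.config" && rm -f $DEL_FILE )
}

# Weak: xargs splits find's output on blanks in exactly the same way.
cleanup_xargs() {
    ( cd "$1" && find tmp -type f | xargs rm -f )
}

# Corrected quoting: one argument, and "--" stops option parsing in case
# a name begins with a dash.
cleanup_quoted() {
    ( cd "$1" && DEL_FILE="tmp/x etc/rc.config" && rm -f -- "$DEL_FILE" )
}

# Succeeds if the file that should never be touched is still present.
protected_survives() {
    [ -e "$1/etc/rc.config" ]
}

# Run each variant in a fresh sandbox and report what happened.
for fn in cleanup_unquoted cleanup_xargs cleanup_quoted; do
    sb=$(make_sandbox) || exit 1
    "$fn" "$sb"
    if protected_survives "$sb"; then r=kept; else r=DELETED; fi
    echo "$fn: etc/rc.config $r"
    rm -rf "$sb"
done
```
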
