[2658] in bugtraq
Re: [linux-security] Things NOT to put in root's crontab
daemon@ATHENA.MIT.EDU (Allen Wheelwright)
Mon Jun 3 13:54:12 1996
Date: Mon, 3 Jun 1996 10:53:30 +0100
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Allen Wheelwright <apw24@hermes.cam.ac.uk>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <Pine.LNX.3.91.960530175349.32040C-100000@students.si.fct.unl.pt>
On Thu, 30 May 1996, Jorge Guilherme wrote:
<snip>
> And now for some more bad news:
> Imagine a 'find /tmp |xargs rm -f --'. To exploit this one you NEED NO
> RACE condition. All that needs to be done is to create a directory called
> ' ' (Yeap, that's a single space) and inside it create another one called
> 'etc'and inside that one do a 'touch passwd'.
> xargs will see the name of the directory ' ' as a field separator and
> will pass to rm the argument '/etc/passwd'.
You can get around the problem with a directory called ` ' acting as a
separator by doing something like:
find /tmp -print0 | xargs -r0 rm -f --
The -print0 option in find separates filenames with the null character.
-r0 sets this as the separator for xargs (and causes the command not to be
run if there are no files found).
Allen
........................................................................
Allen Wheelwright <apw24@cam.ac.uk> Tel. 01223 465546 (external)
Churchill College, Cambridge, CB3 0DS. or 135546 (university)
