[2577] in bugtraq
Re: [linux-security] Things NOT to put in root's crontab
daemon@ATHENA.MIT.EDU (William McVey)
Wed May 22 17:47:35 1996
Date: Wed, 22 May 1996 14:20:41 -0500
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: William McVey <wam@fedex.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
Dan Cross wrote:
>I was under the impression that find(1) didn't follow symbolic links?
>Thus, one wouldn't ``find'' /etc/passwd if there was a link to /etc
>from somewhere in /tmp.
The exposure comes from a race condition between when find has
descended into a real directory (expected behavior) and when the
'rm' is forked (expected behavior). If between these two tasks a
real directory is replaced with a symlink (unexpected behavior)
you are going to have problems.
-- William
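
Added example, not part of the original message: one way a cleanup job can avoid the race described above is to resolve every name relative to an open directory descriptor and refuse symlinks at open time, instead of handing a path to a separate rm. It assumes Python 3 on a Unix system with dir_fd support; sweep, demo and the before_open hook are hypothetical names, and the directory tree is constructed for the demonstration.

```python
import os, stat, tempfile, time

DIR_FLAGS = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW

def sweep(dir_fd, cutoff, before_open=None):
    """Unlink regular files older than cutoff under the directory open at dir_fd.
    Names are resolved relative to descriptors, never by re-walking a path.
    before_open is a hypothetical test hook called between the stat and the open."""
    removed = 0
    for name in os.listdir(dir_fd):
        try:
            st = os.stat(name, dir_fd=dir_fd, follow_symlinks=False)
            if stat.S_ISDIR(st.st_mode):
                if before_open:
                    before_open(name)
                # O_NOFOLLOW makes this fail if the entry is now a symlink
                sub = os.open(name, DIR_FLAGS, dir_fd=dir_fd)
                try:
                    # also refuse a different real directory swapped in
                    if os.path.samestat(st, os.fstat(sub)):
                        removed += sweep(sub, cutoff, before_open)
                finally:
                    os.close(sub)
            elif stat.S_ISREG(st.st_mode) and st.st_mtime < cutoff:
                os.unlink(name, dir_fd=dir_fd)
                removed += 1
        except OSError:
            continue  # entry vanished or was replaced mid-walk: skip it
    return removed

def demo(race):
    """Constructed tree: tmp/old.tmp, tmp/sub/old2.tmp, and etc/passwd outside it."""
    with tempfile.TemporaryDirectory() as base:
        root, outside = os.path.join(base, "tmp"), os.path.join(base, "etc")
        sub, target = os.path.join(root, "sub"), os.path.join(outside, "passwd")
        os.makedirs(sub)
        os.mkdir(outside)
        for path in (os.path.join(root, "old.tmp"), os.path.join(sub, "old2.tmp"), target):
            open(path, "w").close()

        def swap(name):  # simulate the race: real directory becomes a symlink
            os.rename(sub, os.path.join(base, "moved"))
            os.symlink(outside, sub)

        fd = os.open(root, DIR_FLAGS)
        try:
            removed = sweep(fd, time.time() + 60, swap if race else None)
        finally:
            os.close(fd)
        return removed, os.path.exists(target)
```

demo(False) sweeps both stale files; demo(True) replaces the subdirectory with a symlink between the stat and the open, and the sweep skips it without touching the file outside the tree.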