Bugtraq mailing list archives
Re: aaa_base still vulnerable after upgrade
From: Valdis.Kletnieks () VT EDU (Valdis.Kletnieks () VT EDU)
Date: Mon, 1 May 2000 10:06:19 -0400
On Sat, 29 Apr 2000 23:08:42 +0200, Matthias Andree <ma () DT E-TECHNIK UNI-DORTMUND DE> said:
marc () suse de (Marc Heuse) writes: There is no point in discussing this. One simply does not code rm -f $DEL_FILE, but rm -f "$DEL_FILE", or better, not even mess with so much scripts if a simple find will do (see the announcement).
Note that "simple find" will *still* have problems doing it correctly and securely. There was a whole thread about this back in the '95-'96 timeframe about 'find <whatever" | xargs rm' being insecure, which lead to a discussion of using 'find <whatever> -exec rm' which was STILL insecure.
touch "/tmp/x /etc/rc.config"btw have you ever tried out this command? It won't work. A filename is not allowed to have a slash in it's name ...That's correct, I missed that (fails with 'no such file or directory' since there is no "/tmp/x " directory here). Still, you can delete
Try this: mkdir -p "/tmp/x /etc/" touch "/tmp/x /etc/rc.config" The problem is you can't 'touch /A/B/C/D' if /A/B/C and/or /A/B don't exist yet. -- Valdis Kletnieks Operating Systems Analyst Virginia Tech
Current thread:
- Re: aaa_base still vulnerable after upgrade Valdis.Kletnieks () VT EDU (May 01)
- <Possible follow-ups>
- Re: aaa_base still vulnerable after upgrade Horst von Brand (May 01)