Bugtraq mailing list archives

Re: [linux-security] Things NOT to put in root's crontab


From: mkienenb () arsc edu (Mike Kienenberger)
Date: Wed, 22 May 1996 11:23:53 -0800


On Wed, 22 May 1996, Dan Cross wrote:
> I was under the impression that find(1) didn't follow symbolic links?
> Thus, one wouldn't ``find'' /etc/passwd if there was a link to /etc
> from somewhere in /tmp.
>
> Please don't tell me that Linux (or, more precisely, GNU) broke this.  :-)

No, the problem is that while find won't follow a symbolic link,
it's possible to make a really really really long path to a file,
then while that path is being followed by find, you can rename the top-level
directory and just leave a symbolic link for the -exec command.  In this case,
rm.

I.e., create a real path of a/a/a/a/a/a/a/a/a/a/a/a/a/etc/passwd
Then create a path of      b/a/a/a/a/a/a/a/a/a/a/a/a/etc
where etc is actually a link to /etc/,
then after find starts down a/a/a/a/, rename a to c, and b to a.

Now after the find command completes processing of passwd, rm will
pick up on the new a (formerly b) path.
---
Mike Kienenberger               Arctic Region Supercomputing Center
Systems Analyst                 (907) 474-6842
mkienenb () arsc edu               http://www.arsc.edu
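
An added example, not part of the original post: a cleanup job avoids the race described above by deleting relative to a directory file descriptor opened without following symlinks, instead of handing a path string to rm. It assumes Linux; the temporary tree, the `protected` directory standing in for /etc, and all function names are constructed for illustration.

```python
import os
import tempfile

NOFOLLOW_DIR = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW

def walk_to(root, components):
    """Descend one component at a time with openat(); a symlink at any
    step makes os.open() raise OSError instead of being followed."""
    fd = os.open(root, NOFOLLOW_DIR)
    for name in components:
        try:
            nxt = os.open(name, NOFOLLOW_DIR, dir_fd=fd)
        finally:
            os.close(fd)
        fd = nxt
    return fd

def build_tree():
    """Constructed layout from the post; 'protected' stands in for /etc."""
    base = tempfile.mkdtemp()
    os.makedirs(os.path.join(base, "a/a/a/etc"))
    os.makedirs(os.path.join(base, "b/a/a"))
    os.mkdir(os.path.join(base, "protected"))
    for d in ("a/a/a/etc", "protected"):
        with open(os.path.join(base, d, "passwd"), "w") as f:
            f.write("constructed\n")
    os.symlink(os.path.join(base, "protected"), os.path.join(base, "b/a/a/etc"))
    return base

def swap(base):
    """The rename from the post: a -> c, then b -> a."""
    os.rename(os.path.join(base, "a"), os.path.join(base, "c"))
    os.rename(os.path.join(base, "b"), os.path.join(base, "a"))

def protected_survives(use_dirfd):
    """Delete the matched 'passwd' after the swap; report if protected/passwd remains."""
    base = build_tree()
    # State after traversal matched a/a/a/etc/passwd, before the delete runs.
    fd = walk_to(base, ["a", "a", "a", "etc"]) if use_dirfd else None
    swap(base)
    if use_dirfd:
        os.unlink("passwd", dir_fd=fd)  # unlinkat(): bound to the directory visited
        os.close(fd)
    else:
        os.unlink(os.path.join(base, "a/a/a/etc/passwd"))  # re-resolved from the top
    return os.path.exists(os.path.join(base, "protected", "passwd"))

if __name__ == "__main__":
    print("path-based delete, protected file survives:", protected_survives(False))
    print("dirfd-based delete, protected file survives:", protected_survives(True))
```

The path-based delete removes the file behind the symlink, while the descriptor-based delete removes only the file in the directory that was actually traversed.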


