Bugtraq mailing list archives
Re: [linux-security] Things NOT to put in root's crontab
From: mkienenb () arsc edu (Mike Kienenberger)
Date: Wed, 22 May 1996 11:23:53 -0800
On Wed, 22 May 1996, Dan Cross wrote:
> I was under the impression that find(1) didn't follow symbolic links? Thus, one wouldn't ``find'' /etc/passwd if there was a link to /etc from somewhere in /tmp. Please don't tell me that Linux (or, more precisely, GNU) broke this. :-)
No, the problem is that while find won't follow a symbolic link, it's possible to make a really really really long path to a file, then while that path is being followed by find, you can rename the top-level directory and just leave a symbolic link for the -exec command. In this case, rm.

I.e., create a real path of a/a/a/a/a/a/a/a/a/a/a/a/a/etc/passwd. Then create a path of b/a/a/a/a/a/a/a/a/a/a/a/a/etc where etc is actually a link to /etc/, then after find starts down a/a/a/a/, rename a to c, and b to a. Now after the find command completes processing of passwd, rm will pick up on the new a (formerly b) path.

---
Mike Kienenberger    Arctic Region Supercomputing Center
Systems Analyst      (907) 474-6842
mkienenb () arsc edu http://www.arsc.edu
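The race in the message above exists because rm re-resolves a full path string that find resolved earlier. As an added example (not part of the original post or thread), this sketch of a cleaner walks and deletes relative to open directory descriptors instead, so renaming an ancestor cannot redirect the unlink. The names `clean_tree` and `demo`, the age cutoff and the temp-directory layout are assumptions made for illustration.

```python
import os, stat, tempfile, time

def clean_tree(dir_fd, cutoff, removed, prefix=""):
    """Unlink regular files older than cutoff below dir_fd, working only
    relative to open directory descriptors (openat/unlinkat semantics)."""
    for name in os.listdir(dir_fd):
        try:
            st = os.stat(name, dir_fd=dir_fd, follow_symlinks=False)
        except FileNotFoundError:
            continue  # entry vanished between listdir and stat
        if stat.S_ISDIR(st.st_mode):
            try:
                # O_NOFOLLOW makes this fail if the entry became a symlink
                child = os.open(name, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW,
                                dir_fd=dir_fd)
            except OSError:
                continue
            try:
                cst = os.fstat(child)
                # descend only into the directory that was actually inspected
                if (cst.st_dev, cst.st_ino) == (st.st_dev, st.st_ino):
                    clean_tree(child, cutoff, removed, prefix + name + "/")
            finally:
                os.close(child)
        elif stat.S_ISREG(st.st_mode) and st.st_mtime < cutoff:
            # unlinkat removes the entry in this directory, never a link target
            os.unlink(name, dir_fd=dir_fd)
            removed.append(prefix + name)

def demo():
    """Constructed layout inside a private temp dir; returns the outcome."""
    base = tempfile.mkdtemp()
    victim, tmp = os.path.join(base, "etc"), os.path.join(base, "tmp")
    os.mkdir(victim)
    os.makedirs(os.path.join(tmp, "a", "etc"))
    old = time.time() - 30 * 86400
    for p in (os.path.join(victim, "passwd"), os.path.join(tmp, "a", "etc", "passwd")):
        open(p, "w").close()
        os.utime(p, (old, old))
    fd = os.open(os.path.join(tmp, "a"), os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    # the rename-and-relink from the message, done after the cleaner holds its fd
    os.rename(os.path.join(tmp, "a"), os.path.join(tmp, "c"))
    os.mkdir(os.path.join(tmp, "a"))
    os.symlink(victim, os.path.join(tmp, "a", "etc"))
    removed = []
    clean_tree(fd, time.time() - 7 * 86400, removed)
    os.close(fd)
    return (removed, os.path.exists(os.path.join(victim, "passwd")),
            os.path.exists(os.path.join(tmp, "c", "etc", "passwd")))
```

In `demo()` the stand-in `etc/passwd` outside the cleaned tree survives the swap, while the stale file in the renamed directory is the one removed.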