Bugtraq mailing list archives
local user can delete arbitrary files on SuSE-Linux
From: peter () GMV SPM UNIV-RENNES1 FR (Peter Münster)
Date: Fri, 21 Apr 2000 08:48:55 +0200
Hello,

If MAX_DAYS_IN_TMP > 0 in /etc/rc.config on a SuSE-Linux system, a local user can delete arbitrary files by doing some commands like these:

    mkdir -p "/tmp/hhh /somedirectory"
    touch -t some-early-date "/tmp/hhh /somedirectory/somefile"
    sleep 1d

The bug is in /etc/cron.daily/aaa_base for SuSE version 6.3 or perhaps also in /root/bin/cron.daily for older SuSE versions. Tested on SuSE 6.0 and 6.3 but probably existent on earlier versions.

Here is a possible patch for suse-package aaa_base-2000.1.3-0:

--- aaa_base~ Mon Jan 3 18:16:55 2000 +++ aaa_base Fri Apr 21 08:42:19 2000 @@ -158,20 +158,10 @@ done for TMP_DIR in $TMP_DIRS_TO_CLEAR ; do - for DEL_FILE in `find $TMP_DIR/. $OMIT \( -type f -o -type l \) \ - -atime +$MAX_DAYS_IN_TMP | sort -r` ; do - rm -f $DEL_FILE - DEL_DIR=`dirname $DEL_FILE` - if [ "$DEL_DIR" != "$TMP_DIR/." ] ; then - rmdir $DEL_DIR 2> /dev/null - fi - done - done - for DEL_DIR in `find $TMP_DIR/. $OMIT \( -type d \) \ - -ctime +$MAX_DAYS_IN_TMP | sort -r` ; do - if [ "$DEL_DIR" != "$TMP_DIR/." ] ; then - rmdir $DEL_DIR 2> /dev/null - fi + find $TMP_DIR/. $OMIT ! -type d \ + -atime +$MAX_DAYS_IN_TMP -exec rm -f '{}' ';' + find $TMP_DIR/. $OMIT -depth -type d -empty -mindepth 1 \ + -mtime +$MAX_DAYS_IN_TMP -exec rmdir '{}' ';' done fi

Cheers, Peter

--
Peter Münster http://gmv.spm.univ-rennes1.fr/~peter/
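Review bot: in the first added command, `-exec rm -f '{}' ';'` still hands rm a full pathname that rm resolves again by name, so although the word splitting of the old backtick loops is gone, a directory component can change between find's visit and the removal. Where the installed findutils supports it, `-execdir` or `-delete` would avoid that second lookup. Two behaviour changes should also be stated in the description: `! -type d` now removes every non-directory where the old test was `-type f -o -type l`, and the directory pass switches from `-ctime` to `-mtime`. In the second added command, `-mindepth 1` is an option rather than a test and reads better placed before `-type d -empty`.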
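The word splitting done by the backtick loops that the patch removes, next to the `-exec` form it introduces, as an added example that is not part of the original post. It runs in a constructed `mktemp` sandbox, only lists the paths `rm` would receive, and leaves out `$OMIT` and the `-atime` test; the directory name `protected` and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post or from aaa_base.
# Neither listing function removes anything: each one prints the path
# arguments that rm would have been given.

# Constructed sandbox. "hhh /protected" imitates the whitespace-bearing name
# from the report; "protected" is a hypothetical stand-in for a real directory.
SANDBOX=$(mktemp -d)
trap 'rm -rf "$SANDBOX"' EXIT
TMP_DIR="$SANDBOX/tmp"
mkdir -p "$TMP_DIR/hhh /protected"
touch "$TMP_DIR/hhh /protected/victim" "$TMP_DIR/plain"

# Old logic: the unquoted backtick substitution is word-split by the shell on
# spaces, tabs and newlines, so one pathname can become several loop items.
loop_targets() {
    for DEL_FILE in `find "$TMP_DIR/." \( -type f -o -type l \) | sort -r` ; do
        printf '%s\n' "$DEL_FILE"
    done
}

# Patched logic: find passes each pathname to the command as one argument.
exec_targets() {
    find "$TMP_DIR/." ! -type d -exec printf '%s\n' '{}' ';'
}

# Count the listed targets that do not lie under $TMP_DIR.
# grep -c exits non-zero when the count is 0, hence "|| true".
outside_count() {
    "$1" | grep -c -v "^$TMP_DIR/" || true
}

echo "backtick loop: $(outside_count loop_targets) target(s) outside $TMP_DIR"
echo "find -exec:    $(outside_count exec_targets) target(s) outside $TMP_DIR"
```

The same listing functions can be pointed at a copy of a real cleanup script's `find` expression to check whether any loop item escapes the directory being cleaned.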