Re: [linux-security] Things NOT to put in root's crontab
Allen Wheelwright (apw24@hermes.cam.ac.uk)
Mon, 3 Jun 1996 10:53:30 +0100
On Thu, 30 May 1996, Jorge Guilherme wrote:
<snip>
> And now for some more bad news:
> Imagine a 'find /tmp |xargs rm -f --'. To exploit this one you NEED NO
> RACE condition. All that needs to be done is to create a directory called
> ' ' (Yeap, that's a single space) and inside it create another one called
> 'etc'and inside that one do a 'touch passwd'.
> xargs will see the name of the directory ' ' as a field separator and
> will pass to rm the argument '/etc/passwd'.
You can get around the problem with a directory called ` ' acting as a
separator by doing something like:
find /tmp -print0 | xargs -r0 rm -f --
The -print0 option in find separates filenames with the null character.
-r0 sets this as the separator for xargs (and causes the command not to be
run if there are no files found).
Allen
........................................................................
Allen Wheelwright <apw24@cam.ac.uk> Tel. 01223 465546 (external)
Churchill College, Cambridge, CB3 0DS. or 135546 (university)