Bug#3099: etc/cron.daily/standard security hole
> Are you sure this will work even with "find ... -print0 | xargs -0 rm"?
> It's pretty obvious how to make it remove any file without those
> arguments, but I can't think of a way with.
Yes, I think it will still work. The attack involves replacing pathname
components with symlinks between find and rm.
> Is there an archive of the linux-security mailing list somewhere where
> I could read the original message?
ftp://linux.nrao.edu/pub/linux/security/list-archive/linux-security/
I received a few requests to repost the message from linux-security
so I've just sent it to debian-bugs.
Marek
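
Added example, not part of the original message or of the Debian cron script: one way a cleanup job can close the window described above is to do every lookup relative to an open directory descriptor and refuse symlinks, instead of handing full pathnames from find to rm. The function name purge_old and the cutoff handling are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical helper: remove regular files last modified before `cutoff`
 * beneath the directory open on `dfd`. Each lookup is relative to an open
 * descriptor, so a pathname component swapped for a symlink after the scan
 * cannot redirect the unlink. Owns dfd; returns files removed, or -1. */
int purge_old(int dfd, time_t cutoff)
{
    DIR *d = fdopendir(dfd);
    if (!d) { close(dfd); return -1; }
    int removed = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        struct stat st;
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        /* lstat-style check: a symlink is reported as a symlink */
        if (fstatat(dfd, e->d_name, &st, AT_SYMLINK_NOFOLLOW) != 0) continue;
        if (S_ISDIR(st.st_mode)) {
            /* O_NOFOLLOW fails if the entry became a symlink since fstatat */
            int sub = openat(dfd, e->d_name,
                             O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
            int n = sub < 0 ? 0 : purge_old(sub, cutoff);
            if (n > 0) removed += n;
        } else if (S_ISREG(st.st_mode) && st.st_mtime < cutoff) {
            /* removes the name inside dfd; never dereferences a symlink */
            if (unlinkat(dfd, e->d_name, 0) == 0) removed++;
        }
    }
    closedir(d);
    return removed;
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s DIR DAYS\n", argv[0]); return 2; }
    int dfd = open(argv[1], O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dfd < 0) { perror(argv[1]); return 1; }
    int n = purge_old(dfd, time(NULL) - (time_t)atol(argv[2]) * 86400);
    printf("removed %d\n", n);
    return n < 0;
}
```

Old symlinks and other non-regular entries are left in place by this sketch; only regular files reached through real directories are removed.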