crontab security question

To: debian-devel@pixar.com (Debian Developers)
Subject: crontab security question
From: Steve Greenland <stevegr@starbase.neosoft.com>
Date: Tue, 28 May 1996 22:27:03 -0500 (CDT)
Message-id: <[🔎] 199605290327.WAA10732@Starbase.NeoSoft.COM>

If I understand the problem with commands like 

	find /tmp -mtime +1 -print | xargs rm -f

correctly, it requires write access to exploit to the directory 
to exploit. Thus, the following entry in cron.daily/standard
is acceptable and I should leave it in, right?

if cd /var/spool/cron/crontabs
then
        find . -name 'tmp.[0-9]*' -mtime +2 -print0 | xargs -r0 rm -f --
fi


Or is there another problem I'm missing?

Steve Greenland

-- 
The Mole - I think, therefore I scream 

			"We call it SHADOWNET!	Pretty cool, eh?"
[A delinquent hacker talks to the Shadow]

Reply to:

Follow-Ups:
- Re: crontab security question
  - From: Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>

Prev by Date: Bug#3143: sysvinit init.d/network script buglet
Next by Date: Re: The return of RMS and GNU/Linux
Previous by thread: Bug#3144: octave fails to dynamically load functions
Next by thread: Re: crontab security question
Index(es):
- Date
- Thread