Re: crontab security question

To: mitchell@mdd.comm.mot.com (Bill Mitchell)
Cc: debian-devel@pixar.com (Debian Developers)
Subject: Re: crontab security question
From: Steve Greenland <stevegr@starbase.neosoft.com>
Date: Wed, 29 May 1996 10:05:41 -0500 (CDT)
Message-id: <[🔎] 199605291505.KAA11431@Starbase.NeoSoft.COM>
In-reply-to: <[🔎] 199605291353.GAA12564@bb29c.mdd.comm.mot.com> from "Bill Mitchell" at May 29, 96 06:53:31 am

Bill Mitchell wrote:
> 
> Just a random thought regarding e.g.:
> 
>   find /tmp -mtime +1 -print | xargs rm -f
> 
> It seems that the vulnerability window would be a lot smaller with
> something like:
> 
>   find /tmp -mtime +1 -exec rm -f {} \;
> 

According to the stuff on the filereaper page the second form
is also vulnerable to the same style attack, but may take a *few*
more tries.

(http://www.ultratech.net/~zblaxell/admin_utils/filereaper.txt)

Steve Greenland

-- 
The Mole - I think, therefore I scream 

			    "Hello again, Peabody here..."
[The opening lines to almost every episode of PEABODY & SHERMAN]

Reply to:

Follow-Ups:
- Re: crontab security question
  - From: Mark Eichin <eichin@cygnus.com>

References:
- Re: crontab security question
  - From: Bill Mitchell <mitchell@mdd.comm.mot.com>

Prev by Date: UK Mirror
Next by Date: Bug#3146: 1.1 installation: ae doesn't work
Previous by thread: Re: crontab security question
Next by thread: Re: crontab security question
Index(es):
- Date
- Thread