Re: crontab security question

To: Steve Greenland <stevegr@starbase.neosoft.com>
Cc: mitchell@mdd.comm.mot.com (Bill Mitchell), debian-devel@pixar.com (Debian Developers)
Subject: Re: crontab security question
From: Mark Eichin <eichin@cygnus.com>
Date: 29 May 1996 17:14:06 -0400
Message-id: <[🔎] xe1eno39o81.fsf@maneki-neko.cygnus.com>
In-reply-to: Steve Greenland's message of Wed, 29 May 1996 10:05:41 -0500 (CDT)
References: <[🔎] 199605291505.KAA11431@Starbase.NeoSoft.COM>

In fact, anything using "find" and "rm" is vulnerable an attack of
this form. (find doesn't "protect" the chdir, so there's a narrow race
there -- and "-exec" gives a full path from the top of the tree, so
you get a second shot at it :-) NetBSD will probably have some fixes
to the "fts" functions in libc some time soon. A gnuish fix would be
to
	* protect the chdirs in gnu find (and make sure it doesn't
chdir back up, but either rewalks down or uses fchdir on handles it
kept around)
	* add an -exec-local option to find which does the exec from
the target directory, with a relative path, instead of from the top.

I haven't had time to work this up and send it in, and suspect that
others are already doing so (given that I've heard about the problem
third hand through other channels, it's certainly gotten around :-)

Reply to:

References:
- Re: crontab security question
  - From: Steve Greenland <stevegr@starbase.neosoft.com>

Prev by Date: some docs available
Next by Date: Re: Bug#3146: 1.1 installation: ae doesn't work
Previous by thread: Re: crontab security question
Next by thread: Bug#3149: upgrading base truncates utmp
Index(es):
- Date
- Thread