Re: cleaning up /var/tmp
On 26 Mar 1997 01:52:55 PST Daniel Quinlan (quinlan@pathname.com)
wrote:
> Philippe Troin <phil@fifi.org> writes:
>
> > There's commented code in the /etc/cron.something-ly to clean /tmp
> > regularly, but it's not activated because of the find+xargs security
> > bug (where a carefully crafted enough filename can cause programs to
> > be executed by the UID running find+xargs).
>
> Are you sure that's the case?
>
> # /usr/bin/find /tmp -mindepth 1 -maxdepth 1 -print0 | \
> /usr/bin/xargs --null rm -rf
Well, it used to be dangerous with old versions of xargs/find.
I think the GNU xargs/find with the -print0 stuff cannot be exploited.
At least I couldn't :-)
Maybe this should be re-enabled then?
Phil.
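
The difference discussed in this thread, as an added example that is not part of the original messages: it runs the same cleanup-style pipeline in newline-delimited and NUL-delimited form over a constructed scratch directory and reports what the invoked command would have been handed. The function name `demo`, the `REPORT` helper and the file names are made up for the illustration, and `-0` is the short form of the `--null` option quoted above.

```shell
#!/bin/sh
# Compare `find -print | xargs` with `find -print0 | xargs -0` on awkward
# file names. Instead of rm, xargs runs a small reporter that prints
# "<arguments received> <arguments that are NOT paths under the directory>".

# Reporter script: $0 is the directory, "$@" are the names xargs passed in.
REPORT='n=0
for a in "$@"; do
    case $a in
        "$0"/*) ;;            # still a path inside the scanned directory
        *) n=$((n+1)) ;;      # a fragment that now points somewhere else
    esac
done
echo "$# $n"'

demo() {  # usage: demo newline|nul
    d=$(mktemp -d) || return 1
    # Constructed sample files: a plain name, a name with a space,
    # and a name containing a newline.
    : > "$d/plain"
    : > "$d/with space"
    : > "$d/line1
line2"
    case $1 in
        newline)
            # Names are split again on blanks and newlines by xargs.
            find "$d" -mindepth 1 -maxdepth 1 -print |
                xargs sh -c "$REPORT" "$d" ;;
        nul)
            # NUL cannot occur in a file name, so each name stays whole.
            find "$d" -mindepth 1 -maxdepth 1 -print0 |
                xargs -0 sh -c "$REPORT" "$d" ;;
    esac
    rm -rf "$d"
}

echo "newline-delimited: $(demo newline)"   # 3 files become 5 arguments, 2 outside the directory
echo "NUL-delimited:     $(demo nul)"       # 3 files, 3 arguments, 0 outside the directory
```

In the newline-delimited run the two stray arguments are bare relative names, which a command such as `rm -rf` would resolve against its current directory rather than the directory being cleaned.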