Re: cleaning up /var/tmp
On 26 Mar 1997 01:52:55 PST Daniel Quinlan (firstname.lastname@example.org)
> Philippe Troin <email@example.com> writes:
> > There's commented code in the /etc/cron.something-ly to clean /tmp
> > regularly, but it's not activated because of the find+xargs security
> > bug (where a carefully crafted enough filename can cause programs to
> > be executed by the UID running find+xargs).
> Are you sure that's the case?
> # /usr/bin/find /tmp -mindepth 1 -maxdepth 1 -print0 | \
> /usr/bin/xargs --null rm -rf
Well, it used to be dangerous with old versions of xargs/find.
I think the GNU xargs/find with the -print0 stuff cannot be exploited.
At least I couldn't :-)
Maybe this should be reenabled then ?