[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: cleaning up /var/tmp

On 26 Mar 1997 01:52:55 PST Daniel Quinlan (quinlan@pathname.com) 

> Philippe Troin <phil@fifi.org> writes:
> > There's commented code in the /etc/cron.something-ly to clean /tmp
> > regularly, but it's not activated because of the find+xargs security
> > bug (where a carefully crafted enough filename can cause programs to
> > be executed by the UID running find+xargs).
> Are you sure that's the case?
> # /usr/bin/find /tmp -mindepth 1 -maxdepth 1 -print0 | \
>   /usr/bin/xargs --null rm -rf

Well, it used to be dangerous with old versions of xargs/find.
I think the GNU xargs/find with the -print0 stuff cannot be exploited.
At least I couldn't :-)
Maybe this should be reenabled then ?


Reply to: