
Re: cleaning up /var/tmp



On Wed, 26 Mar 1997 18:34:56 +0100 Winfried Truemper 
(winni@xpilot.org) wrote:

> On Wed, 26 Mar 1997, Philippe Troin wrote:
> 
> > Well, it used to be dangerous with old versions of xargs/find.
> > I think the GNU xargs/find with the -print0 stuff cannot be exploited.
> > At least I couldn't :-)
> > Maybe this should be reenabled then ?
> 
> For more information see the home-page of Zygo Blaxell
> 
>         http://www.ultratech.net/~zblaxell/

This page tells of two problems:
  1) Symlinks in /tmp can delete any file on the fs
        ln -s /etc/passwd /tmp/foo
        find /tmp -atime +7 | xargs rm -f
     will remove /etc/passwd !
  2) One can create a shitload of nested symlinked directories in /tmp
     which will make the system crawl when a find /tmp is attempted
     (note the _directories_ part, symlinks to symlinks will get
     trapped by the kernel "Too many symbolic links encountered")

These two problems are addressed by the Debian way of doing things:
  find . -type f -atime +3 -print0 | xargs -r0 rm -f --
  find . ! -name . -type d -mtime +1 -print0 | xargs -r0 rmdir

Because we never follow symlinks, but only real files and real directories.
Symlinks, device files, sockets and other pipes will remain in /tmp (we could replace the -type f by ! -type l if we wanted to get rid of these).
Other flaws ?

Phil.
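
The two Debian commands from the message above, run against a constructed sandbox; this is an added example and not part of the original message. The directory layout, file names and the `make_sandbox`/`clean_tmp` helpers are assumptions made for illustration, and the `|| true` on the `rmdir` step is added so a non-empty directory does not abort the run.

```shell
#!/bin/sh
# Constructed sandbox: "tmp" plays the role of /tmp, "outside" holds files
# that a cleanup job must never touch.
make_sandbox() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/tmp/emptyold" "$root/outside/dir"
    echo data > "$root/outside/passwd"             # stand-in for a protected file
    echo data > "$root/outside/dir/keep"
    echo data > "$root/tmp/old file.txt"           # name containing a space
    echo data > "$root/tmp/$(printf 'old\nname')"  # name containing a newline
    echo data > "$root/tmp/new.txt"                # recent file, must be kept
    ln -s ../outside/passwd "$root/tmp/foo"        # symlink to a file
    ln -s ../outside/dir "$root/tmp/dirlink"       # symlink to a directory
    # Backdate atime/mtime of everything except new.txt and the symlinks.
    touch -t 199701010000 "$root/outside/passwd" "$root/outside/dir/keep" \
        "$root/tmp/old file.txt" "$root/tmp/$(printf 'old\nname')" \
        "$root/tmp/emptyold"
    echo "$root"
}

# The cleanup from the message, run from inside the directory being cleaned.
clean_tmp() {
    (
        cd "$1" || exit 1
        # Regular files only; NUL-separated names survive spaces and newlines.
        find . -type f -atime +3 -print0 | xargs -r0 rm -f --
        # Real directories only; rmdir refuses non-empty ones.
        find . ! -name . -type d -mtime +1 -print0 | xargs -r0 rmdir 2>/dev/null || true
    )
}

# Stand-alone demo: what is left in the sandbox's tmp after one pass.
demo=$(make_sandbox) && clean_tmp "$demo/tmp" && ls -A "$demo/tmp" && rm -rf "$demo"
```

After one pass the two symlinks and `new.txt` are the only entries left, and everything under `outside` is untouched.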


