Re: cleaning up /var/tmp

To: debian-devel@lists.debian.org
Subject: Re: cleaning up /var/tmp
From: Guy Maor <maor@ece.utexas.edu>
Date: 26 Mar 1997 13:04:51 -0600
Message-id: <[🔎] 87vi6ea2zc.fsf@slip-78-10.ots.utexas.edu>
In-reply-to: Philippe Troin's message of Wed, 26 Mar 1997 10:03:33 -0800
References: <[🔎] 199703261803.KAA11908@tantale.fifi.org>

Philippe Troin <phil@fifi.org> writes:

> These two problems are addressed by the Debian way of doing things:
>   find . -type f -atime +3 -print0 | xargs -r0 rm -f --
>   find . ! -name . -type d -mtime +1 -print0 | xargs -r0 rmdir
> 
> Because we never follow symlinks, but only real files and real directories.

That can still be exploited because the real files and directories can
be replaced with symlinks.

See http://www.ultratech.net/~zblaxell/find-rm-fix.txt for a complete
analysis and a fix.

Guy

Reply to:

References:
- Re: cleaning up /var/tmp
  - From: Philippe Troin <phil@fifi.org>

Prev by Date: Re: need decision on packages with crypto hooks
Next by Date: Re: cleaning up /var/tmp
Previous by thread: Re: cleaning up /var/tmp
Next by thread: Re: cleaning up /var/tmp
Index(es):
- Date
- Thread