/etc/crontab.daily and the security hole in find | xargs
[Sorry if this question has been addressed a zillion times but the
search function of the archive seems broken]
[Sorry again: I am reading this list through the web-archives and
August hasn't appeared yet. Could you CC me?]
First of all let me thank everybody who has worked on Debian 1.3.1 for
all their efforts. It is greatly appreciated. (Using a distribution
does make one feel as if somebody else has tinkered with your system
though :-)).
I was checking out the files in /etc/crontab.daily and there it says
above the standard
find <old tmp files> | xargs rm
lines something to the effect of "These lines commented out because of
the obvious security hole".
What security hole?
The only one I think I can see would be that xargs actually passes
its command line to the shell without properly escaping the filenames
it puts in.
Regardless of the nature of the hole: Is this fixed somewhere? The above
"hole" would be fixed by making xargs call rm directly I think.
Thanks again,
Jan
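
An added example, not part of the original post, showing how xargs tokenizes the names find prints: by default it splits its input on blanks and newlines, so a file name containing a newline reaches the command as several separate arguments, while find -print0 | xargs -0 hands over each name intact. The sandbox layout and the function names make_sandbox and escaped_args are constructed for illustration, and the sandbox path is assumed to contain no whitespace.

```shell
#!/bin/sh
# Constructed sandbox: everything lives under a fresh mktemp directory.
make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir -p "$sb/keep" "$sb/old"
    : > "$sb/keep/precious"      # file outside the tree being cleaned
    : > "$sb/old/stale file"     # ordinary name containing a space
    nl='
'
    # Directory named "x<newline>" holding a copy of the sandbox path, so
    # find prints ".../old/x" and "$sb/keep/precious" on separate lines.
    mkdir -p "$sb/old/x$nl$sb/keep"
    : > "$sb/old/x$nl$sb/keep/precious"
    printf '%s\n' "$sb"
}

# Print every argument xargs passes to its command that does NOT lie
# under the tree find was asked to scan.
# $1 = tree to scan, $2 = "safe" (NUL separated) or anything else (default)
escaped_args() {
    check='for a; do case $a in "$0"/*) ;; *) printf "%s\n" "$a";; esac; done'
    if [ "$2" = safe ]; then
        find "$1" -type f -print0 | xargs -0 sh -c "$check" "$1"
    else
        find "$1" -type f | xargs sh -c "$check" "$1"
    fi
}

# Stand-alone demonstration; the sandbox is removed afterwards.
demo=$(make_sandbox) || exit 1
echo "default xargs, arguments outside $demo/old:"
escaped_args "$demo/old" unsafe
echo "find -print0 | xargs -0, arguments outside $demo/old:"
escaped_args "$demo/old" safe
rm -rf "$demo"
```

With rm in place of the checking command, the default pipeline would be asked to remove keep/precious, a file find never visited. Where find supports it, -exec rm -- {} + avoids the pipe and its parsing altogether.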