Re: /etc/crontab.daily and the security hole in find | xargs
-----BEGIN PGP SIGNED MESSAGE-----
On 9 Aug 1997, Carey Evans wrote:
>> The only solution is to come up with a program that
>> never follows syslinks, and checks that the i-node of the file it is
>> removing remains the same.
>
>Actually, i-nodes can be recycled, so it isn't a good idea to depend
>on that:
The perl program that the discoverer of this security hole proposed will
take care of this. It uses a lot of checks to make sure, the files to be
deleted are the ones intended, and checking the inode number is only one of
many tests.
Unfortunately I forgot the URL where I read about this
Nils
- --
\ / | Nils Rennebarth
--* WINDOWS 42 *-- | Schillerstr. 61
/ \ | 37083 Göttingen
| ++49-551-71626
Micro$oft's final answer | http://www.nus.de/~nils
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQB1AwUBM+xqzVptA0IhBm0NAQFjDQL/ew6F2xXKldFd4jGNfopEyXDcxPmbtmLD
SCp8l0zTmb+efcqWeSQx0W/tvZjhq0VEpvYIFoWYtwqXnGaYuZ9X5l6bhzxxsij2
n0Xyc4rSi4hoDbLaL8bpb2qPTWSHz0TW
=N8PX
-----END PGP SIGNATURE-----
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: