Bugtraq mailing list archives
Re: [linux-security] Things NOT to put in root's crontab
From: apw24 () hermes cam ac uk (Allen Wheelwright)
Date: Mon, 3 Jun 1996 10:53:30 +0100
On Thu, 30 May 1996, Jorge Guilherme wrote: <snip>
And now for some more bad news: Imagine a 'find /tmp |xargs rm -f --'. To exploit this one you NEED NO RACE condition. All that needs to be done is to create a directory called ' ' (Yeap, that's a single space) and inside it create another one called 'etc'and inside that one do a 'touch passwd'. xargs will see the name of the directory ' ' as a field separator and will pass to rm the argument '/etc/passwd'.
You can get around the problem with a directory called ` ' acting as a
separator by doing something like:
find /tmp -print0 | xargs -r0 rm -f --
The -print0 option in find separates filenames with the null character.
-r0 sets this as the separator for xargs (and causes the command not to be
run if there are no files found).
Allen
........................................................................
Allen Wheelwright <apw24 () cam ac uk> Tel. 01223 465546 (external)
Churchill College, Cambridge, CB3 0DS. or 135546 (university)
Current thread:
- Re: [linux-security] Things NOT to put in root's crontab Paul Szabo (May 29)
- <Possible follow-ups>
- Re: [linux-security] Things NOT to put in root's crontab Jorge Guilherme (May 30)
- Re: [linux-security] Things NOT to put in root's crontab Allen Wheelwright (Jun 03)
- Re: [linux-security] Things NOT to put in root's crontab Valdis.Kletnieks () vt edu (Jun 03)
- Re: [linux-security] Things NOT to put in root's crontab Allen Wheelwright (Jun 03)