Bugtraq mailing list archives
Re: [linux-security] Things NOT to put in root's crontab
From: guenther () gac edu (Philip Guenther)
Date: Wed, 22 May 1996 19:10:05 -0500
William McVey <wam () fedex com> writes:
> Dan Cross wrote:
>> I was under the impression that find(1) didn't follow symbolic links? Thus, one wouldn't ``find'' /etc/passwd if there was a link to /etc from somewhere in /tmp.
>
> The exposure comes from a race condition between when find has descended into a real directory (expected behavior) and when the 'rm' is forked (expected behavior). If between these two tasks a real directory is replaced with a symlink (unexpected behavior) you are going to have problems.

The race condition in find should be eliminable by using fchdir() and passing the '-exec'ed command a simple filename. You have to keep open one descriptor for each level descended, which should max out at MAXPATHLEN/2. That should be within the bounds of modern UNIX systems. In pseudocode:

    cur = open argv[1];
    fchdir(cur);
    do_dir(cur);

    do_dir(int cur) {
        foreach file in "." {
            int fd = open file;
            do_stuff_from_command_line;
            if ISDIR(fstat fd) {
                fchdir(fd);
                do_dir(fd);
                fchdir(cur);
            }
        }
    }

Philip Guenther
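
Added here as an illustration, not part of the original post: a C rendering of the descriptor-per-level traversal sketched above, applied to the kind of cleanup job the thread discusses. The names `clean_dir`, `safe_clean` and `demo` are hypothetical, and opening each entry with `O_DIRECTORY | O_NOFOLLOW` is an assumption that goes beyond the pseudocode.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unlink every non-directory below the directory open on cur; returns count or -1. */
static int clean_dir(int cur) {
    DIR *d;
    int removed = 0;
    if (fchdir(cur) < 0 || (d = opendir(".")) == NULL) return -1;
    for (struct dirent *e; (e = readdir(d)) != NULL; ) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        /* O_NOFOLLOW: a name swapped for a symlink never opens as a directory */
        int fd = open(e->d_name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
        if (fd >= 0) {
            int n = clean_dir(fd);              /* descend by descriptor, not by path */
            if (n > 0) removed += n;
            if (fchdir(cur) < 0) { close(fd); closedir(d); return -1; }
            close(fd);
        } else if (unlink(e->d_name) == 0) {    /* simple filename, relative to cur */
            removed++;
        }
    }
    closedir(d);
    return removed;
}

/* Hypothetical entry point: clean root, then restore the caller's cwd. */
int safe_clean(const char *root) {
    int home = open(".", O_RDONLY);
    int top = open(root, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    int n = (home >= 0 && top >= 0) ? clean_dir(top) : -1;
    if (home >= 0) { if (fchdir(home) < 0) n = -1; close(home); }
    if (top >= 0) close(top);
    return n;
}

/* Constructed sample tree: tmp/sub/junk, keep/victim, tmp/link -> ../keep */
int demo(void) {
    char base[] = "/tmp/fchdirXXXXXX";
    if (!mkdtemp(base) || chdir(base) < 0) return -1;
    if (mkdir("tmp", 0700) || mkdir("tmp/sub", 0700) || mkdir("keep", 0700)) return -1;
    close(open("tmp/sub/junk", O_CREAT | O_WRONLY, 0600));
    close(open("keep/victim", O_CREAT | O_WRONLY, 0600));
    if (symlink("../keep", "tmp/link") < 0) return -1;
    return safe_clean("tmp");
}
```

In the sample tree the symlink itself is unlinked and the file behind it is left alone, because every removal uses a simple name relative to a directory descriptor the process already holds.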