Bugtraq mailing list archives
Re: Safe /tmp cleanup
From: merlyn () STONEHENGE COM (Randal Schwartz)
Date: Thu, 13 Nov 1997 00:38:33 -0700
"Steven" == Steven Leikeim <steven () ENEL UCALGARY CA> writes:
Steven> In Red Hat Linux 4.2, there is a package called tmpwatch. Here is the Steven> first part of the man page: Steven> NAME Steven> tmpwatch - removes files which haven't been accessed for a period Steven> of time Steven> SYNOPSIS Steven> tmpwatch [-fav] [--verbose] [--force] [--all] [--test] <hours> Steven> <dirs> Delete all files that haven't been accessed in 1.5 days in /dir and /ect: find2perl /dir /ect -eval '-A > 1.5 and unlink' | perl Steven> The source for this program is 294 lines of C (including comments). And completely unnecessary, given the above perl command-line. :-) The output of this find2perl run is 17 lines of Perl, by the way. Steven> Enough care seems to have been taken to avoid race hazards Steven> and my limited examination of code satisfied me that there are Steven> no security problems with it. Specfically, the program does Steven> everything itself, it does not rely on an external program for Steven> any function which should eliminate problems associated with Steven> special characters and/or buffer overflows due to deep paths. Ditto on the find2perl solution. "find2perl" comes with all modern Perl releases. Perl is your friend. Use Perl. -- Name: Randal L. Schwartz / Stonehenge Consulting Services (503)777-0095 Keywords: Perl training, UNIX[tm] consulting, video production, skiing, flying Email: <merlyn () stonehenge com> Snail: (Call) PGP-Key: (finger merlyn () ora com) Web: <A HREF="http://www.stonehenge.com/merlyn/">My Home Page!</A> Quote: "I'm telling you, if I could have five lines in my .sig, I would!" -- me
Current thread:
- Re: CERT Advisory CA-97.25 - CGI_metachar, (continued)
- Re: CERT Advisory CA-97.25 - CGI_metachar Greg Bacon (Nov 11)
- L0pht Advisory: IE4.0 DilDog (Nov 10)
- L0pht Advisory: IE4.0 Petri Helenius (Nov 10)
- Cisco IOS password encryption facts John Bashinski (Nov 10)
- Re: Cisco IOS password encryption facts ice9 (Nov 11)
- Re: Cisco IOS password encryption facts J. Sean Connell (Nov 11)
- Re: Cisco IOS password encryption facts Michael Degerman (Nov 13)
- mode of the i586 F0 bug VaX#n8 (Nov 12)
- Re: mode of the i586 F0 bug Alan Cox (Nov 12)
- Linux F00F Patch Aleph One (Nov 12)
- Re: Safe /tmp cleanup Randal Schwartz (Nov 12)
- Re: Safe /tmp cleanup dsiebert () ICAEN UIOWA EDU (Nov 13)
- another buffer overrun in sperl5.003 Pavel Kankovsky (Nov 13)
- Re: Safe /tmp cleanup Valdis Kletnieks (Nov 13)
- IE4.0 patch Richard Trott (Nov 13)
- X Security problem (?) Carlo Wood (Nov 13)
- Re: X Security problem (?) Matthias Buelow (Nov 14)
- Re: X Security problem (?) Scott Moseman (Nov 14)
- digital unix 4.0 hole John McDonald (Nov 14)
- What to do when you forget your cisco LD password... Dustin Sallings (Nov 13)
- Re: What to do when you forget your cisco LD password... John Bashinski (Nov 14)