Bugtraq mailing list archives
Re: Safe /tmp cleanup
From: dsiebert () ICAEN UIOWA EDU (dsiebert () ICAEN UIOWA EDU)
Date: Thu, 13 Nov 1997 10:48:43 -0600
> Delete all files that haven't been accessed in 1.5 days in /dir and /ect:
>
>     find2perl /dir /ect -eval '-A > 1.5 and unlink' | perl
>
> Steven> The source for this program is 294 lines of C (including comments).
>
> And completely unnecessary, given the above perl command-line. :-) The
> output of this find2perl run is 17 lines of Perl, by the way.
>
> Steven> Enough care seems to have been taken to avoid race hazards
> Steven> and my limited examination of code satisfied me that there are
> Steven> no security problems with it. Specifically, the program does
> Steven> everything itself, it does not rely on an external program for
> Steven> any function which should eliminate problems associated with
> Steven> special characters and/or buffer overflows due to deep paths.
>
> Ditto on the find2perl solution. "find2perl" comes with all modern Perl
> releases. Perl is your friend. Use Perl.

Wrong. Check out this snippet from find.pl (from perl 5.003):

    # Get link count and check for directoriness.

    ($dev,$ino,$mode,$nlink) = lstat($_) unless $nlink;

    if (-d _) {

        # It really is a directory, so do it recursively.

        if (!$prune && chdir $_) {
            &finddir($name,$nlink);
            chdir '..';
        }
        --$subcount;
    }

It "checks for directoriness", and if it is a directory it chdir's into it.
This does not do anything at all to prevent someone changing the name which
used to be a directory into a link to somewhere else in the meantime. You
have to assume an attacker can make your Perl script run arbitrarily slow
(not like this is hard with Perl in the first place) and therefore can do bad
things in between the lstat and the chdir. The modification to the GNU find
I wrote (hopefully) catches any such possible attack. I have not looked at
the RedHat thing Steven mentions, so I can't comment on how well it does in
this regard.

--
Douglas Siebert
Director of Computing Facilities
douglas-siebert () uiowa edu
Division of Mathematical Sciences, U of Iowa

If you let the system beat you long enough, eventually it'll get tired.
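
The window between the lstat and the chdir described above can be closed by opening the directory without following links and comparing the device and inode of the opened object with what was checked earlier. The C below is an added example, not code from this post or from the GNU find modification it mentions; enter_checked and try_after_swap are hypothetical names, and the swapped directory is constructed inside a private temporary directory.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `name` under parent_fd only if it is still the directory `seen` described. */
int enter_checked(int parent_fd, const char *name, const struct stat *seen)
{
    struct stat now;
    /* O_NOFOLLOW: a symlink swapped in after the lstat makes the open fail. */
    int fd = openat(parent_fd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    /* Compare the object actually held with the one that was checked. */
    if (fstat(fd, &now) != 0 || now.st_dev != seen->st_dev ||
        now.st_ino != seen->st_ino) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario: lstat "d", optionally swap it, then try to enter it.
   swap: 0 = untouched, 1 = replaced by a symlink, 2 = replaced by another dir. */
int try_after_swap(int swap)
{
    char tmpl[] = "/tmp/racedemoXXXXXX";
    const char *names[] = { "d", "old", "other" };
    struct stat seen;
    if (!mkdtemp(tmpl)) return -2;
    int top = open(tmpl, O_RDONLY | O_DIRECTORY);
    if (top < 0 || mkdirat(top, "d", 0700) || mkdirat(top, "other", 0700) ||
        fstatat(top, "d", &seen, AT_SYMLINK_NOFOLLOW)) return -2;
    if (swap) {                        /* the change made inside the window */
        if (renameat(top, "d", top, "old")) return -2;
        if (swap == 1 ? symlinkat("other", top, "d")
                      : renameat(top, "other", top, "d")) return -2;
    }
    int fd = enter_checked(top, "d", &seen);
    if (fd >= 0) close(fd);
    for (int i = 0; i < 3; i++)        /* clean up the constructed tree */
        if (unlinkat(top, names[i], AT_REMOVEDIR)) unlinkat(top, names[i], 0);
    close(top);
    rmdir(tmpl);
    return fd >= 0;                    /* 1 = entered, 0 = refused */
}

int main(void) { return printf("%d %d %d\n", try_after_swap(0), try_after_swap(1), try_after_swap(2)) < 0; }
```

A tree walker built this way keeps working relative to the returned descriptor (openat, unlinkat, fstatat) instead of re-resolving path names, so later renames of the parent do not redirect it.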