Bugtraq mailing list archives

Re: Safe /tmp cleanup


From: Valdis.Kletnieks () VT EDU (Valdis Kletnieks)
Date: Thu, 13 Nov 1997 12:43:28 -0500


On Thu, 13 Nov 1997 10:48:43 CST, you said:
> > find2perl /dir /ect -eval '-A > 1.5 and unlink' | perl
>
> > Perl is your friend.  Use Perl.
> Wrong.  Check out this snippet from find.pl (from perl 5.003):

I can't help it if you're using old, outdated, buggy software.  5.004_01 came
out in May 97, current is 5.004_04.

>                 # Get link count and check for directoriness.
>  (code elided)

This code has been overhauled for 5.004.  In particular, it now passes along
a 'wanted' function that can do any additional checking you desire.

> It "checks for directoriness", and if it is a directory it chdir's into it.
> This does not do anything at all to prevent someone changing the name which
> used to be a directory into a link to somewhere else in the meantime.  You

You can use the 'wanted' function to do this checking.

However, Randal's one-liner passed the 'wanted' function '-A > 1.5 and unlink'
which does, in fact, do *no* checking of the type needed.  However, the lstat
information of the *original* directory is available to the 'wanted' function,
and it can re-lstat the *current*, do compares of dev/inode pairs, and reject
if it's been changed.

Bottom line:  find2perl *can* do it securely.  But not with Randal's original
one-line solution.
--
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech
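The dev/inode check the message describes, as an added example that is not part of this thread or of find2perl (Python 3 on Linux/POSIX). It goes one step beyond "re-lstat and compare": the directory is opened with O_NOFOLLOW, the comparison is done with fstat on the descriptor actually in use, and the unlink is done relative to that descriptor. The names `cleanup_old_files`, `demo` and the `between` hook are hypothetical; `demo` builds a constructed temp tree and stages the swap inside the lstat-to-open window.

```python
import os, stat, tempfile, time
def same_object(a, b):
    """Two stat results describe the same inode on the same device."""
    return (a.st_dev, a.st_ino) == (b.st_dev, b.st_ino)

def cleanup_old_files(root, max_age_days=1.5, between=lambda name: None):
    """Delete regular files under root not accessed for max_age_days. A subdirectory
    is entered only if the directory actually opened has the dev/inode pair seen at
    lstat time; between(name) is a test hook run inside that window to stage a race."""
    cutoff = time.time() - max_age_days * 86400
    removed, rejected = [], []
    def walk(dir_fd, where):
        for name in sorted(os.listdir(dir_fd)):      # list relative to the open fd
            full = os.path.join(where, name)
            before = os.lstat(name, dir_fd=dir_fd)    # identity seen first
            if stat.S_ISDIR(before.st_mode):
                between(name)
                try:   # O_NOFOLLOW: a symlink planted here fails instead of being followed
                    fd = os.open(name, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW, dir_fd=dir_fd)
                except OSError:
                    rejected.append(full)
                    continue
                try:
                    if same_object(before, os.fstat(fd)):   # still the same directory?
                        walk(fd, full)
                    else:
                        rejected.append(full)               # swapped inside the window
                finally:
                    os.close(fd)
            elif stat.S_ISREG(before.st_mode) and before.st_atime < cutoff:
                os.unlink(name, dir_fd=dir_fd)   # unlink relative to the verified directory
                removed.append(full)
    root_fd = os.open(root, os.O_RDONLY | os.O_DIRECTORY)
    try:
        walk(root_fd, root)
    finally:
        os.close(root_fd)
    return removed, rejected

def demo():
    """Constructed scenario: a 3-day-old file to reap, and 'sub' swapped for another directory."""
    root = tempfile.mkdtemp()
    stale = os.path.join(root, "stale")
    open(stale, "w").close()
    os.utime(stale, (time.time() - 3 * 86400,) * 2)
    os.mkdir(os.path.join(root, "other")); os.mkdir(os.path.join(root, "sub"))
    def swap(name):      # atomically replace the empty 'sub' while it is being handled
        if name == "sub":
            os.rename(os.path.join(root, "other"), os.path.join(root, "sub"))
    return cleanup_old_files(root, between=swap)
```

`demo()` returns the stale file as removed and `sub` as rejected: the entry lstat'd and the directory opened no longer share a dev/inode pair, so nothing under the swapped-in directory is touched.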

