Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Re: [linux-security] Things NOT to put in root's crontab

Re: [linux-security] Things NOT to put in root's crontab

From: Allen Wheelwright <apw24_at_hermes.cam.ac.uk>
Date: Mon, 3 Jun 1996 10:53:30 +0100

On Thu, 30 May 1996, Jorge Guilherme wrote:

<snip>
> And now for some more bad news:
> Imagine a 'find /tmp |xargs rm -f --'. To exploit this one you NEED NO
> RACE condition. All that needs to be done is to create a directory called
> ' ' (Yeap, that's a single space) and inside it create another one called
> 'etc'and inside that one do a 'touch passwd'.
> xargs will see the name of the directory ' ' as a field separator and
> will pass to rm the argument '/etc/passwd'.

You can get around the problem with a directory called ` ' acting as a
separator by doing something like:

        find /tmp -print0 | xargs -r0 rm -f --

The -print0 option in find separates filenames with the null character.
-r0 sets this as the separator for xargs (and causes the command not to be
run if there are no files found).

Allen

........................................................................
Allen Wheelwright <apw24_at_cam.ac.uk> Tel. 01223 465546 (external)
Churchill College, Cambridge, CB3 0DS. or 135546 (university)
Received on Jun 03 1996

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos