Bugtraq: Re: [linux-security] Things NOT to put in root's crontab

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: [linux-security] Things NOT to put in root's crontab

From: wam () fedex com (William McVey)
Date: Wed, 22 May 1996 14:20:41 -0500


Dan Cross wrote:

I was under the impression that find(1) didn't follow symbolic links?
Thus, one wouldn't ``find'' /etc/passwd if there was a link to /etc
from somewhere in /tmp.


The exposure comes from a race condition between when find has
decended into a real directory (expected behavior) and when the
'rm' is forked (expected behavior).  If between these two tasks a
real directory is replaced with a symlink (unexepected behavior)
you are going to have problems.

 -- William

By Date By Thread

Current thread:

Re: [linux-security] Things NOT to put in root's crontab Christopher D. McCann (May 22)
- <Possible follow-ups>
- Re: [linux-security] Things NOT to put in root's crontab William McVey (May 22)
  - Re: [linux-security] Things NOT to put in root's crontab Philip Guenther (May 22)
    - Re: [linux-security] Things NOT to put in root's crontab Sean Vickery (May 22)
    - Re: [linux-security] Things NOT to put in root's crontab Philip Guenther (May 22)
    - Re: [linux-security] Things NOT to put in root's crontab Colin Jenkins (May 23)
    - Re: [linux-security] Things NOT to put in root's crontab Philip Guenther (May 23)