Re: [linux-security] Things NOT to put in root's crontab
From: mkienenb () arsc edu (Mike Kienenberger)
Date: Wed, 22 May 1996 11:23:53 -0800
On Wed, 22 May 1996, Dan Cross wrote:
> I was under the impression that find(1) didn't follow symbolic links?
> Thus, one wouldn't ``find'' /etc/passwd if there was a link to /etc
> from somewhere in /tmp.
> Please don't tell me that Linux (or, more precisely, GNU) broke this. :-)

No, the problem is that while find won't follow a symbolic link,
it's possible to make a really really really long path to a file,
then while that path is being followed by find, you can rename the top-level
directory and just leave a symbolic link for the -exec command. In this case,
I.e., create a real path of a/a/a/a/a/a/a/a/a/a/a/a/a/etc/passwd
Then create a path of b/a/a/a/a/a/a/a/a/a/a/a/a/etc
where etc is actually a link to /etc/,
then after find starts down a/a/a/a/, rename a to c, and b to a.
Now after the find command completes processing of passwd, rm will
pick up on the new a (formerly b) path.

Mike Kienenberger Arctic Region Supercomputing Center
Systems Analyst (907) 474-6842
mkienenb () arsc edu http://www.arsc.edu
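
An added example, not part of the original post and not code from find: one way for a root cleanup job to avoid re-resolving a path that may have been renamed during the walk is to do every lookup and unlink relative to an already-open directory descriptor. The names `purge_tree` and `demo`, and the temporary directory layout, are constructed for illustration.

```python
import os
import stat
import tempfile

DIR_FLAGS = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW

def purge_tree(dir_fd):
    """Delete everything below the directory open at dir_fd; return names removed."""
    removed = []
    for name in os.listdir(dir_fd):
        # lstat relative to the descriptor, never through a path string.
        st = os.stat(name, dir_fd=dir_fd, follow_symlinks=False)
        if stat.S_ISDIR(st.st_mode):
            try:
                # O_NOFOLLOW fails if the entry became a symlink after the stat.
                sub = os.open(name, DIR_FLAGS, dir_fd=dir_fd)
            except OSError:
                continue  # swapped underneath us: skip rather than follow
            try:
                removed += purge_tree(sub)
            finally:
                os.close(sub)
            os.rmdir(name, dir_fd=dir_fd)
        else:
            # Symlinks land here: the link itself is removed, never its target.
            os.unlink(name, dir_fd=dir_fd)
        removed.append(name)
    return removed

def demo():
    """Constructed layout: a nested tree whose 'etc' entry is a symlink."""
    with tempfile.TemporaryDirectory() as base:
        outside = os.path.join(base, "outside")   # stands in for /etc
        os.mkdir(outside)
        target = os.path.join(outside, "passwd")
        open(target, "w").close()
        tmp = os.path.join(base, "tmp")           # stands in for /tmp
        os.makedirs(os.path.join(tmp, "a", "a", "a"))
        open(os.path.join(tmp, "a", "a", "a", "junk"), "w").close()
        os.symlink(outside, os.path.join(tmp, "a", "a", "etc"))
        fd = os.open(tmp, DIR_FLAGS)
        try:
            removed = purge_tree(fd)
        finally:
            os.close(fd)
        return sorted(removed), os.listdir(tmp), os.path.exists(target)
```

Because the unlink names a single path component inside a directory the job already holds open, renaming a parent directory while the walk is in progress does not change which file is removed.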