Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: [linux-security] Things NOT to put in root's crontab
From: mkienenb () arsc edu (Mike Kienenberger)
Date: Wed, 22 May 1996 11:23:53 -0800


On Wed, 22 May 1996, Dan Cross wrote:
I was under the impression that find(1) didn't follow symbolic links?
Thus, one wouldn't ``find'' /etc/passwd if there was a link to /etc
from somewhere in /tmp.

Please don't tell me that Linux (or, more precisely, GNU) broke this.  :-)

No, the problem is that while find won't follow a symbolic link,
it's possible make a really really really long path to a file,
then while that path is being followed by find, you can rename the top-level
directory and just leave a symbolic link for the -exec command.  In this case,
rm.

Ie,  create a real path of a/a/a/a/a/a/a/a/a/a/a/a/a/etc/passwd
Then create a path of      b/a/a/a/a/a/a/a/a/a/a/a/a/etc
where etc is actually a link to /etc/,
then after find starts down a/a/a/a/, rename a to c, and b to a.

Now after the find command completes processing of passwd, rm will
pick up on the new a (formerly b) path.
---
Mike Kienenberger               Arctic Region Supercomputing Center
Systems Analyst                 (907) 474-6842
mkienenb () arsc edu               http://www.arsc.edu



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]