Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!tezcat!cam-news-hub1.bbnplanet.com!news.bbnplanet.com!news.mathworks.com!fu-berlin.de!irz401!orion.sax.de!uriah.heep!news
From: j@uriah.heep.sax.de (J Wunsch)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: find daily security
Date: 5 Apr 1997 14:51:02 GMT
Organization: Private BSD site, Dresden
Lines: 25
Message-ID: <5i5osm$8jd@uriah.heep.sax.de>
References: <5i3eqp$ppv$1@news.cc.utah.edu>
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
NNTP-Posting-Host: localhost.heep.sax.de
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Newsreader: knews 0.9.6
X-Phone: +49-351-2012 669
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:38543
udplmc@FIX.TIN.DOMAIN (Lloyd M Caldwell) wrote:
> if find .... -exec rm -f {}
> is dangerous, why is it ok cleaning up
> /var/rwho and /var/preserve with that
> command and not /tmp and /var/tmp?
Since they are not publically writable.
> as far as I can tell, rm when given
> a symbolic link removes the link and
> not the destination.
The problem is the race condition between the stat(2) call find is
doing, and the actual rm. Somebody could abuse this race.
The current version of find(1) has a primary called -delete to avoid
this.
--
cheers, J"org
joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)