Subject: Re: CRITICAL ** Holes in default cron jobs ** CRITICAL
To: None <current-users@NetBSD.ORG>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: current-users
Date: 12/30/1996 14:35:27
>>>>> "Warner" == Warner Losh <imp@village.org> writes:
Warner> There is a third hole that is likely to be present. If
Warner> you create a directory structure, say /tmp/foo/etc/passwd,
Warner> then find will see that, and you can then race the rm by
Warner> then switching foo to be a symlink to / so that
Warner> /etc/passwd gets blown away.
There seems to be a never ending number of these things.
I'd like to suggest that we generalize the solution by making all
the rm commands only remove files owned by root,bin,daemon. All those
simply generate a warning to root. Perhaps with a script to do the
actual rm squirrelled away somewhere.
:!mcr!: | Network security consulting and
Michael Richardson | contract programming
WWW: mcr@sandelman.ottawa.on.ca. PGP key available.