From ichudov@manifold.algebra.com  Fri May 31 14:50:22 1996
Received: from galaxy.galstar.com (root@galaxy.galstar.com [204.251.80.2]) by suburbia.net (8.7.4/Proff-950810) with SMTP id OAA12509 for <best-of-security@suburbia.net>; Fri, 31 May 1996 14:50:13 +1000
Received: from manifold.algebra.com (manifold.algebra.com [204.251.82.89]) by galaxy.galstar.com (8.6.12/8.6.12) with ESMTP id XAA07944; Thu, 30 May 1996 23:49:49 -0500
Received: (from ichudov@localhost) by manifold.algebra.com (8.7.5/8.6.11) id XAA02593; Thu, 30 May 1996 23:50:10 -0500
Message-Id: <199605310450.XAA02593@manifold.algebra.com>
Subject: Re: More find -exec rm dangers was: Re: BoS: Re: [linux-security]
To: jpp@software.net (John Pettitt)
Date: Thu, 30 May 1996 23:50:10 -0500 (CDT)
Cc: whitis@dbd.com, zblaxell@myrus.com, linux-security@tarsier.cv.nrao.edu,
        best-of-security@suburbia.net
Reply-To: ichudov@algebra.com (Igor Chudov)
In-Reply-To: <2.2.32.19960524180112.00c0a8c0@mail.software.net> from "John Pettitt" at May 24, 96 11:01:12 am
From: ichudov@algebra.com (Igor Chudov @ home)
X-Mailer: ELM [version 2.4 PL24 ME7]
Content-Type: text

John Pettitt wrote:
> >On Tue, 21 May 1996, Zygo Blaxell wrote:
> >> >From Redhat's /etc/crontab file:
> >> ># Remove /var/tmp files not accessed in 10 days
> >> >43 02 * * * root find /var/tmp/* -atime +3 -exec rm -f {} \; 2> /dev/null
> 
> Find (at least the linux source I have) uses execvp to run commands, since
> execvp follows the PATH environment to find the target program, since
> *many* people still have a '.' in a root path (silly but true) find can be
> fooled into running arbitrary programs by leaving a program called 'rm' in
> the right place.
> 
> At the very least the -exec should be /bin/rm

FYI, find is called from the cron daemon, which sets a predefined
PATH for all programs that it executes. Therefore, your comment
does not apply to cron jobs.

	- Igor.
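The two points raised in this exchange (a PATH that makes execvp-style lookups search the current directory, and a crontab line naming `rm` rather than `/bin/rm` after `-exec`) can both be checked mechanically. The following POSIX sh script is an added example written for this archive page; it is not code from either poster, from find, or from any cron implementation. The function names, the sample PATH values and the two crontab lines are constructed for the demonstration (the first crontab line is the one quoted in the thread, the second applies John's `/bin/rm` suggestion); the script does not run find or rm, it only inspects strings.

```shell
#!/bin/sh
# Added example, not from the original thread. Two string checks an
# administrator can run against a cron environment and a crontab line.

# 1. Does a PATH value make execvp-style lookups (the mechanism find -exec
#    relies on) search the current directory? That happens with a literal
#    ".", an empty element ("a::b"), or a leading/trailing colon.
#    Exit status 0 means "yes, it searches cwd"; 1 means it does not.
path_has_cwd() {
    # Wrap in colons so every element, including the first and last,
    # is delimited on both sides and a single pattern covers all cases.
    case ":$1:" in
        *:.:*|*::*) return 0 ;;
    esac
    return 1
}

# 2. Is every program named after -exec/-execdir/-ok in a crontab command
#    line an absolute path (e.g. /bin/rm rather than rm)?
#    Prints the first relative name found and returns 1; returns 0 if clean.
exec_targets_absolute() {
    set -f            # the cron time fields contain '*'; do not glob them
    set -- $1         # split the line on whitespace (constructed input only,
    set +f            # so no filenames with embedded blanks are expected)
    while [ $# -gt 0 ]; do
        case "$1" in
            -exec|-execdir|-ok)
                shift                     # the next token is the program
                case "$1" in
                    /*) ;;                # absolute: fine
                    *)  printf '%s\n' "$1"; return 1 ;;
                esac ;;
        esac
        shift
    done
    return 0
}

# Constructed sample inputs (the first crontab line is the one quoted above).
CRON_PATH_OK='/usr/bin:/bin'          # a typical predefined cron PATH
CRON_PATH_DOT='/usr/bin:.:/bin'       # '.' in PATH
CRON_PATH_TRAIL='/usr/bin:/bin:'      # trailing colon is an empty element, i.e. cwd
ORIGINAL_LINE='43 02 * * * root find /var/tmp/* -atime +3 -exec rm -f {} \; 2> /dev/null'
HARDENED_LINE='43 02 * * * root find /var/tmp/* -atime +3 -exec /bin/rm -f {} \; 2> /dev/null'

# Stand-alone demonstration
for p in "$CRON_PATH_OK" "$CRON_PATH_DOT" "$CRON_PATH_TRAIL"; do
    if path_has_cwd "$p"; then
        echo "PATH '$p' searches the current directory"
    else
        echo "PATH '$p' does not search the current directory"
    fi
done
exec_targets_absolute "$ORIGINAL_LINE" || echo "^ relative -exec target in original line"
exec_targets_absolute "$HARDENED_LINE" && echo "hardened line: all -exec targets absolute"
```

To apply the first check to a real cron environment rather than a constructed value, capture the PATH a cron job actually sees (for example with a one-off job that writes `$PATH` to a file) and pass that string to `path_has_cwd`; the second check can be fed each command field of a crontab in turn.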

