Beware xargs security holes
Dan Bernstein
brnstnd at kramden.acf.nyu.edu
Wed Oct 17 03:00:05 AEST 1990
In article <3876 at awdprime.UUCP> tif at doorstop.austin.ibm.com (Paul Chamberlain) writes:
> In article <4062:Oct1518:22:1290 at kramden.acf.nyu.edu> brnstnd at kramden.acf.nyu.edu (Dan Bernstein) writes:
> > find / -name '#*' -atime +7 -print | xargs rm
> >lets a malicious user remove every file on the system.
> If I understand, to do this a user would have to create a file
> with a '/' in its name.
Incorrect. find prints full pathnames, not just filenames.
> The most malicious thing I can do with the above command is
> remove a file that doesn't start with '#' that's in a
> writable directory.
Incorrect. If that command is run daily from cron, as it is on many
systems, then any user can remove any file on the system.
---Dan
More information about the Comp.unix.shell
mailing list