Beware xargs security holes
Dave Eisen
dkeisen at Gang-of-Four.Stanford.EDU
Sat Oct 20 03:31:33 AEST 1990
In article <3940 at awdprime.UUCP> tif at doorstop.austin.ibm.com (Paul Chamberlain) writes:
>In article <tim.656101080 at ggumby> tim at ggumby.cs.caltech.edu (Timothy L. Kay) writes:
>>tif at doorstop.austin.ibm.com (Paul Chamberlain) writes:
>>>In article brnstnd at kramden.acf.nyu.edu (Dan Bernstein) writes:
>>>> find / -name '#*' -atime +7 -print | xargs rm
>>>>lets a malicious user remove every file on the system.
>>>
>
>In any case, I've yet to see how "a malicious user [could]
>remove every file on the system."
>
If xargs is implemented using system (as it is on this machine),
an old file named #<newline>-rf * will remove every file on the machine if
the rm -rf * happens to be the start of the buffer passed to system.
--
Dave Eisen Home: (415) 323-9757
dkeisen at Gang-of-Four.Stanford.EDU Office: (415) 967-5644
1447 N. Shoreline Blvd.
Mountain View, CA 94043
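An added example in POSIX sh, not from Dave Eisen's post: it reproduces the splitting the post describes with `echo` standing in for `rm`, contrasts it with NUL-delimited input, and adds a check for names with embedded newlines. It assumes GNU or BusyBox find and xargs.

```shell
#!/bin/sh
# Added example, not from the original post. Shows the mechanism the thread
# describes: xargs' default whitespace delimiting turns one filename that
# contains a newline into several arguments, while NUL-delimited input
# (find -print0 | xargs -0) keeps it intact. Also a check for such names.

# Constructed filename from the thread: '#', a newline, then '-rf *'.
UNSAFE_NAME="$(printf '#\n-rf *')"

# count_args_default NAME: pipe NAME through xargs with default (whitespace)
# delimiting and print how many arguments the invoked command receives.
# 'echo' stands in for rm; nothing is removed.
count_args_default() {
    printf '%s\n' "$1" | xargs sh -c 'echo "$#"' sh
}

# count_args_nul NAME: same, but NUL-delimited (the find -print0 | xargs -0 idiom).
count_args_nul() {
    printf '%s\0' "$1" | xargs -0 sh -c 'echo "$#"' sh
}

# count_newline_names DIR: number of embedded newlines across all names under
# DIR. Each name is one NUL record under -print0 but one extra line per
# embedded newline under -print, so a nonzero result means a plain
# find | xargs pipeline over DIR would mis-split at least one name.
count_newline_names() {
    lines=$(find "$1" -print | wc -l)
    records=$(find "$1" -print0 | tr -dc '\0' | wc -c)
    echo $((lines - records))
}

main() {
    echo "default delimiting sees $(count_args_default "$UNSAFE_NAME") argument(s)"  # 3
    echo "NUL delimiting sees $(count_args_nul "$UNSAFE_NAME") argument(s)"          # 1
    dir=$(mktemp -d)
    : > "$dir/$UNSAFE_NAME"
    : > "$dir/normal.txt"
    echo "names with embedded newlines under $dir: $(count_newline_names "$dir")"   # 1
    rm -rf -- "$dir"
}

main "$@"
```

The same guarantee is available without xargs via `find ... -exec rm {} +`, since find then passes each name as one argv entry regardless of its characters.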