Date: Wed, 19 Jun 1996 00:50:49 -0700 (PDT) From: John-Mark Gurney <gurney_j@nike.efn.org> To: Alex Nash <alex@fa.tdktca.com> Cc: freebsd-isp@FreeBSD.org Subject: Re: /etc/daily Message-ID: <Pine.BSF.3.91.960619004858.606C-100000@nike.efn.org> In-Reply-To: <31C6F559.3621A66B@fa.tdktca.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 18 Jun 1996, Alex Nash wrote: > # This is a security hole, never use 'find' on a public directory > # with -exec rm -f as root. This can be exploited to delete any file > # on the system. > > You may wish to search the archives for a further description of this > security hole. I have a quick comment about this... can't you specify /bin/rm instead of just rm? wouldn't that help fix the security bug? or is that related to the use of special file names? John-Mark gurney_j@efn.org http://resnet.uoregon.edu/~gurney_j/ Modem/FAX: (541) 683-6954 (FreeBSD Box) Live in Peace, destroy Micro$oft, support free software, run FreeBSD (unix)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.960619004858.606C-100000>