From owner-freebsd-isp Wed Jun 19 06:43:43 1996
Return-Path: owner-isp
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3)
    id GAA13809 for isp-outgoing; Wed, 19 Jun 1996 06:43:43 -0700 (PDT)
Received: from ref.tfs.com (ref.tfs.com [140.145.254.251])
    by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id GAA13804
    for ; Wed, 19 Jun 1996 06:43:40 -0700 (PDT)
Received: from nike.efn.org (gurney_j@garcia.efn.org [198.68.17.5])
    by ref.tfs.com (8.7.5/8.7.3) with ESMTP id GAA10643
    for ; Wed, 19 Jun 1996 06:43:35 -0700 (PDT)
Received: (from gurney_j@localhost) by nike.efn.org (8.7.5/8.7.3)
    id AAA00718; Wed, 19 Jun 1996 00:50:49 -0700 (PDT)
Date: Wed, 19 Jun 1996 00:50:49 -0700 (PDT)
From: John-Mark Gurney
Reply-To: John-Mark Gurney
To: Alex Nash
cc: freebsd-isp@FreeBSD.org
Subject: Re: /etc/daily
In-Reply-To: <31C6F559.3621A66B@fa.tdktca.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

On Tue, 18 Jun 1996, Alex Nash wrote:

> # This is a security hole, never use 'find' on a public directory
> # with -exec rm -f as root. This can be exploited to delete any file
> # on the system.
>
> You may wish to search the archives for a further description of this
> security hole.

I have a quick comment about this... can't you specify /bin/rm instead
of just rm? wouldn't that help fix the security bug? or is that related
to the use of special file names?

John-Mark

gurney_j@efn.org
http://resnet.uoregon.edu/~gurney_j/
Modem/FAX: (541) 683-6954 (FreeBSD Box)

Live in Peace, destroy Micro$oft, support free software, run FreeBSD (unix)