Xref: utzoo comp.unix.shell:593 alt.security:1674
Path: utzoo!attcan!uunet!cs.utexas.edu!romp!auschs!awdprime!doorstop.austin.ibm.com!tif
From: tif@doorstop.austin.ibm.com (Paul Chamberlain)
Newsgroups: comp.unix.shell,alt.security
Subject: Re: Beware xargs security holes
Message-ID: <3876@awdprime.UUCP>
Date: 16 Oct 90 14:24:46 GMT
References: <63404@iuvax.cs.indiana.edu> <1990Oct9.172621.13484@cbnews.att.com> <271653D6.1CE8@tct.uucp> <4062:Oct1518:22:1290@kramden.acf.nyu.edu>
Sender: news@awdprime.UUCP
Reply-To: tif@doorstop.austin.ibm.com (Paul Chamberlain)
Followup-To: comp.unix.shell
Organization: IBM AWD, Austin, TX
Lines: 15
Summary:
Expires:
Sender:
Followup-To:
Keywords:

In article <4062:Oct1518:22:1290@kramden.acf.nyu.edu> brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:
> find / -name '#*' -atime +7 -print | xargs rm
> lets a malicious user remove every file on the system.

If I understand, to do this a user would have to create a file with a '/'
in its name.  Is this possible on some systems?  The most malicious thing
I can do with the above command is remove a file that doesn't start with
'#' that's in a writable directory.

Twice (I think), you have asserted grave danger with find and xargs.
I still don't see it.

Paul Chamberlain | I do NOT represent IBM.     tif@doorstop, sc30661 at ausvm6
512/838-7008     | ...!cs.utexas.edu!ibmaus!auschs!doorstop.austin.ibm.com!tif
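Added example, not part of Chamberlain's post or the thread: a shell check of the pipeline under discussion. It shows that the default `find ... -print | xargs` path splits a file name containing a blank into several arguments (the split that the thread's "security hole" rests on), and two forms that deliver each name intact. It assumes a find/xargs pair with `-print0`/`-0` (GNU findutils or BSD); `-exec ... {} +` is POSIX. A counting command stands in for `rm`, and the sandbox directory and file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes find/xargs with -print0/-0;
# -exec ... {} + is POSIX. A counting command replaces rm, so nothing is
# deleted apart from the sandbox this script creates itself.

# Stand-in for the command xargs would run: reports how many path
# arguments it received (invoked as: sh -c '...' sh ARGS...).
COUNTER='echo "$#"'

# Constructed sandbox: two files matching the thread's '#*' pattern, one
# with a space in its name, which any unprivileged user can create.
make_sandbox() {
    dir=$(mktemp -d) || return 1
    touch "$dir/#plain" "$dir/#old file" || return 1
    printf '%s\n' "$dir"
}

# The thread's pipeline with rm replaced by the counter. xargs splits its
# input on blanks and newlines, so the two files arrive as three
# arguments, one of them the bare word "file": a relative name that find
# never printed. Returns (prints) 3.
count_plain() {
    find "$1" -name '#*' -print | xargs sh -c "$COUNTER" sh
}

# Mitigation 1: NUL-delimited names, since no file name can contain NUL.
# Returns 2.
count_null() {
    find "$1" -name '#*' -print0 | xargs -0 sh -c "$COUNTER" sh
}

# Mitigation 2: let find pass the names itself; no xargs in the path.
# Returns 2.
count_exec() {
    find "$1" -name '#*' -exec sh -c "$COUNTER" sh {} +
}

clean_sandbox() {
    rm -r -- "$1"
}

# Stand-alone run: ./check.sh --run prints the three counts side by side.
if [ "${1:-}" = "--run" ]; then
    sb=$(make_sandbox) || exit 1
    echo "plain xargs:       $(count_plain "$sb")"
    echo "print0 / xargs -0: $(count_null "$sb")"
    echo "find -exec {} +:   $(count_exec "$sb")"
    clean_sandbox "$sb"
fi
```

The counter makes the defect observable without destroying anything: any count from the plain pipeline that exceeds the number of matching files means arguments reached the command that find never emitted, and the two safe forms always report exactly the number of files.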