Path: utzoo!attcan!uunet!cs.utexas.edu!yale!cmcl2!kramden.acf.nyu.edu!brnstnd
From: brnstnd@kramden.acf.nyu.edu (Dan Bernstein)
Newsgroups: comp.unix.shell
Subject: Re: Beware xargs security holes
Message-ID: <13569:Oct1617:00:0590@kramden.acf.nyu.edu>
Date: 16 Oct 90 17:00:05 GMT
References: <271653D6.1CE8@tct.uucp> <4062:Oct1518:22:1290@kramden.acf.nyu.edu> <3876@awdprime.UUCP>
Organization: IR
Lines: 17

In article <3876@awdprime.UUCP> tif@doorstop.austin.ibm.com (Paul Chamberlain) writes:
> In article <4062:Oct1518:22:1290@kramden.acf.nyu.edu> brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:
> >  find / -name '#*' -atime +7 -print | xargs rm
> >lets a malicious user remove every file on the system.
> If I understand, to do this a user would have to create a file
> with a '/' in its name.

Incorrect. find prints full pathnames, not just filenames.

> The most malicious thing I can do with the above command is
> remove a file that doesn't start with '#' that's in a
> writable directory.

Incorrect. If that command is run daily from cron, as it is on many
systems, then any user can remove any file on the system.

---Dan