Xref: utzoo comp.unix.shell:623 alt.security:1682
Path: utzoo!utgpu!cs.utexas.edu!ut-emx!ibmchs!auschs!awdprime!doorstop.austin.ibm.com!tif
From: tif@doorstop.austin.ibm.com (Paul Chamberlain)
Newsgroups: comp.unix.shell,alt.security
Subject: Re: Beware xargs security holes
Message-ID: <3940@awdprime.UUCP>
Date: 19 Oct 90 13:40:36 GMT
References: <63404@iuvax.cs.indiana.edu> <1990Oct9.172621.13484@cbnews.att.com> <271653D6.1CE8@tct.uucp> <4062:Oct1518:22:1290@kramden.acf.nyu.edu> <3876@awdprime.UUCP> <tim.656101080@ggumby>
Sender: news@awdprime.UUCP
Reply-To: tif@doorstop.austin.ibm.com (Paul Chamberlain)
Followup-To: comp.unix.shell
Organization: IBM AWD, Austin, TX
Lines: 28
Summary:
Expires:
Sender:
Followup-To:
Keywords:

In article <tim.656101080@ggumby> tim@ggumby.cs.caltech.edu (Timothy L. Kay) writes:
>tif@doorstop.austin.ibm.com (Paul Chamberlain) writes:
>>In article brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:
>>>  find / -name '#*' -atime +7 -print | xargs rm
>>>lets a malicious user remove every file on the system.
>>
>>The most malicious thing I can do with the above command is
>>remove a file that doesn't start with '#' that's in a
>>writable directory.
>
>Let me see.  If I create a directory [and file] named
>	.../directory\n/vmunix

Okay, I've had this explained to me and I admit that this
could be a problem.  But I think it is contrived because
the "find" command to pass this filename to xargs either
doesn't check the name or allows "vmunix" to match it.

I suppose I could create the above and then convince the
administrator to do "find /u/tif -print | xargs chown tif".
But, then again, wouldn't "ln /etc/passwd /u/tif/my_file"
be easier.

In any case, I've yet to see how "a malicious user [could]
remove every file on the system."

Paul Chamberlain | I do NOT represent IBM.     tif@doorstop, sc30661 at ausvm6
512/838-7008     | ...!cs.utexas.edu!ibmaus!auschs!doorstop.austin.ibm.com!tif