On Fri, Apr 09, 2004 at 08:47:07AM +0200, Uwe Doering wrote:
cd $topdir find . -type d | xargs chmod 755
In case (potentially) untrusted users have had write permission in this directory tree in the past, a safer alternative would be
find /path/to/tree/root -type d -print0 | xargs -0 chmod 755
Please explain the "safer" difference in your eyes, Uwe. Are you thinking the admin might have ./ in their path?
No, but specially crafted file names can contain spaces and newlines. Since xargs(1) by default considers whitespace to be argument separators users can easily inject absolute paths to files somewhere else in the filesystem and wreak havoc this way. They just have to wait until 'root' traverses over their files with 'find' and 'xargs'.
The '0' options for find(1) and xargs(1) have been introduced to counter these attacks.
Uwe -- Uwe Doering | EscapeBox - Managed On-Demand UNIX Servers [EMAIL PROTECTED] | http://www.escapebox.net _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
