Cory Petkovsek wrote:
On Fri, Apr 09, 2004 at 08:47:07AM +0200, Uwe Doering wrote:

cd $topdir
find . -type d | xargs chmod 755

In case (potentially) untrusted users have had write permission in this directory tree in the past, a safer alternative would be


find /path/to/tree/root -type d -print0 | xargs -0 chmod 755

Please explain the "safer" difference in your eyes, Uwe. Are you thinking the admin might have ./ in their path?

No, but specially crafted file names can contain spaces and newlines. Since xargs(1) by default considers whitespace to be argument separators, users can easily inject absolute paths to files somewhere else in the filesystem and wreak havoc this way. They just have to wait until 'root' traverses over their files with 'find' and 'xargs'.


The '0' options for find(1) and xargs(1) have been introduced to counter these attacks.

   Uwe
--
Uwe Doering         |  EscapeBox - Managed On-Demand UNIX Servers
[EMAIL PROTECTED]  |  http://www.escapebox.net
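
Added example, not part of the original messages: the script below builds a throwaway tree with one directory whose constructed name holds a space and a newline, then reports how many arguments xargs hands on and how many of them are not real directories, first with default splitting and then with -print0 / -0. The function names and directory names are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed demonstration: all names are made up and live in a temp dir.

make_tree() {
    # One ordinary directory and one whose name contains a space and a newline.
    tree=$(mktemp -d) || return 1
    mkdir "$tree/plain" "$tree/odd name
second line"
    printf '%s\n' "$tree"
}

# Run by xargs in place of chmod: prints
# "<number of arguments> <arguments that are not existing directories>".
inspect='missing=0
for a in "$@"; do [ -d "$a" ] || missing=$((missing + 1)); done
echo "$# $missing"'

split_report() {
    # $1 = tree root, $2 = "default" (whitespace splitting) or "nul" (-print0 / -0)
    (
        cd "$1" || exit 1
        if [ "$2" = nul ]; then
            find . -type d -print0 | xargs -0 sh -c "$inspect" sh
        else
            find . -type d | xargs sh -c "$inspect" sh
        fi
    )
}

demo() {
    t=$(make_tree) || return 1
    echo "default xargs : $(split_report "$t" default)"
    echo "-print0 / -0  : $(split_report "$t" nul)"
    rm -rf "$t"
}

demo
```

With default splitting the three directories arrive as six arguments, four of which name nothing that find actually reported; with NUL delimiters exactly three arguments arrive and all of them are the directories found.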