[OFFTOPIC] Re: Directory name problem...

Robert Nichols (rnichols@interaccess.com)
Sun, 25 Oct 98 18:12 CST

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Ely Wilson: "2.1.126 SB Sound Patch"
Previous message: Ragnar Hojland Espinosa: "Re: bdflush / update"

On Sun, 25 Oct 1998, Riley Williams <rhw@bigfoot.com> wrote:
> but I did find out what script he's using...
>
> Q> #!/bin/sh
> Q> XYZZY="`find / -name core`"
> Q> for LOOP in `find $XYZZY | sort -ru` ; do
> Q> rm -fr $LOOP
> Q> done

Looks like a major security problem to me. By creating directory names
with embedded white space you can make that script delete any directory
tree in the system. You might want to show the smug sysadmin what would
happen if someone were to do:

$ mkdir "junk "
$ cd "junk "
$ mkdir "etc "
$ cd "etc "
$ touch core

If you test this with the script quoted above, I strongly suggest
replacing the "rm -rf" command with something more innocuous, like
"echo".

-- Bob Nichols rnichols@interaccess.com

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Ely Wilson: "2.1.126 SB Sound Patch"
Previous message: Ragnar Hojland Espinosa: "Re: bdflush / update"