Hi Stephane,
On Tue, Mar 15, 2011 at 04:17:50PM +0000, Stephane Chazelas wrote:
> 09,39 * * * * root [ -x /usr/lib/php5/maxlifetime ] && [ -d
> /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin
> +$(/usr/lib/php5/maxlifetime) -print0 | xargs -n 200 -r -0 rm
> when /var/lib/php5/foo/passwd has exceeded its maxlifetime but
> not the ones in /var/lib/php5/bar, assuming foo appears before
> bar, find will output /var/lib/php5/foo/passwd and then spend a
> few minutes in /var/lib/php5/bar during which the attacker can
> replace his /var/lib/php5/foo directory with a symlink to /etc.
> Then xargs will remove /etc/passwd.
Wouldn't xargs just remove the symlink? I could see this being a
problem if xargs was putting something *into* the files, but don't
see the particular issue here.
Sean
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
