[linux-security] Re: Programming ...
- From: Glynn Clements <glynn sensei co uk>
- To: hgtaesml umail furryterror org (Zygo Blaxell)
- Cc: <linux-security redhat com>
- Subject: [linux-security] Re: Programming ...
- Date: Wed, 1 Dec 1999 02:09:25 +0100 (GMT--1:00)
Zygo Blaxell wrote:
> Deleting files in /tmp (or a user's home directory, for that matter)
> is not a trivial operation from a security point of view. You can't
> safely use "find" and "xargs"--or even "rm -rf"--unless you can guarantee
> that no users have write access to the directory tree in question
> (e.g. because the system is in single-user mode).
One of the linux-admin subscribers had a neat alternative for /tmp
cleaning, which I couldn't see any problems with. This involved
creating a statically-linked "rm" binary, and then doing e.g.
    cp ~/static-rm ~/rm      # installing the "rm" binary needs to be
    mv -f ~/rm /tmp/rm       # safe against symlink games
    cd /tmp
    chroot /tmp /rm -rf .
--
Glynn Clements <glynn sensei co uk>
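
Added example, not part of the original message: a different technique from the chroot approach above, aimed at the same symlink-swap problem. It cleans a tree using only descriptor-relative calls with O_NOFOLLOW, in Python on Linux; the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def clean_tree(dir_fd):
    """Empty the directory open as dir_fd; return the number of entries removed."""
    removed = 0
    for name in os.listdir(dir_fd):
        try:
            st = os.stat(name, dir_fd=dir_fd, follow_symlinks=False)
            if not stat.S_ISDIR(st.st_mode):
                os.unlink(name, dir_fd=dir_fd)  # removes a symlink itself, not its target
                removed += 1
                continue
            # O_NOFOLLOW: if the name became a symlink after the lstat, open fails.
            sub = os.open(name, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW,
                          dir_fd=dir_fd)
        except OSError:
            continue  # vanished or swapped underneath us: skip, never follow
        try:
            now = os.fstat(sub)
            # Recurse only if this is the same directory that was examined.
            if (now.st_dev, now.st_ino) == (st.st_dev, st.st_ino):
                removed += clean_tree(sub)
        finally:
            os.close(sub)
        try:
            os.rmdir(name, dir_fd=dir_fd)  # fails harmlessly on a symlink or non-empty dir
            removed += 1
        except OSError:
            pass
    return removed

def demo():
    """Constructed sample tree: /tmp stand-in containing a symlink to an outside dir."""
    with tempfile.TemporaryDirectory() as base:
        outside, tmp = os.path.join(base, "outside"), os.path.join(base, "tmp")
        os.makedirs(os.path.join(tmp, "a", "b"))
        os.mkdir(outside)
        victim = os.path.join(outside, "keep.txt")
        for path in (victim, os.path.join(tmp, "a", "b", "junk")):
            open(path, "w").close()
        os.symlink(outside, os.path.join(tmp, "link"))
        fd = os.open(tmp, os.O_RDONLY | os.O_DIRECTORY)
        try:
            removed = clean_tree(fd)
        finally:
            os.close(fd)
        return removed, os.path.exists(victim), os.listdir(tmp)
```

In the sample, the symlink pointing out of the tree is unlinked as an entry and the file behind it is left untouched.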