Subject: Re: CRITICAL ** Holes in default cron jobs ** CRITICAL
To: None <perry@piermont.com>
From: Giles Lean <giles@nemeton.com.au>
List: current-users
Date: 12/30/1996 12:23:12
On Sun, 29 Dec 1996 17:32:36 -0500  "Perry E. Metzger" wrote:

> > OpenBSD has added -print0 to find(1) and -0 to xargs(1), based on
> > the...
> >
> > Anyone want a re-written /etc/security that uses these?
> 
> It won't do a damn bit of good, as it has nothing to do with the
> security problem.

I wonder if we're talking about the same things?

There were two holes in the original advisory:

1. shell metacharacter vulnerability of 'ls ... | sh' code

   This can be fixed by using 'find ... -print0 | xargs -0 ls ...',
   but the current NetBSD find and xargs programs don't support these
   options.

   I have made this change here and my previous exploit doesn't even
   cause a hiccup anymore.

2. insecure temporary files

   As noted in various places mkdir is atomic, so creating a directory
   to store temporary files in (after umask has been reset) is safe if
   it succeeds.

Happy New Year,

Giles
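
The two fixes described in the message above, as an added shell example (not code from the post or from NetBSD's /etc/security). The function names, the `secjob.$$` directory name and the sandbox file names are constructed for illustration, and it assumes a find(1) and xargs(1) that support `-print0` and `-0`.

```shell
#!/bin/sh
# Added illustration; every path and file name below is constructed.

# Hole 2: mkdir is atomic, so it either creates a fresh directory or fails.
make_private_dir() {            # $1 = parent directory
    old_umask=$(umask)
    umask 077                   # reset umask first so the directory is mode 0700
    dir="$1/secjob.$$"
    if mkdir "$dir" 2>/dev/null; then rc=0; else rc=1; fi
    umask "$old_umask"
    [ "$rc" -eq 0 ] || return 1 # path already exists (file, dir or symlink): refuse it
    printf '%s\n' "$dir"
}

# Hole 1: names travel from find to ls as NUL-terminated arguments,
# so no shell ever parses them.
list_tree() {                   # $1 = tree to scan, $2 = report file
    find "$1" -type f -print0 | xargs -0 ls -ld > "$2"
}

# Self-check on a sandbox holding names that contain shell metacharacters.
run_demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/scan" "$sandbox/tmp"
    : > "$sandbox/scan/plain"
    : > "$sandbox/scan/x; touch INJECTED"
    : > "$sandbox/scan/"'$(touch INJECTED)'
    work=$(make_private_dir "$sandbox/tmp") || return 1
    ( cd "$sandbox" && list_tree scan "$work/report" ) || return 1
    status=0
    [ -e "$sandbox/INJECTED" ] && status=1                  # a name was executed
    [ "$(grep -c . "$work/report")" -eq 3 ] || status=1     # one line per file
    make_private_dir "$sandbox/tmp" >/dev/null && status=1  # second mkdir must fail
    rm -rf "$sandbox"
    return "$status"
}

run_demo && echo "ok: all three names listed, none executed"
```

A failed `mkdir` is treated as fatal rather than as permission to reuse the path, because an existing entry may have been planted by another user.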