Subject: Re: CRITICAL ** Holes in default cron jobs ** CRITICAL
To: None <>
From: Giles Lean <>
List: current-users
Date: 12/30/1996 12:23:12
On Sun, 29 Dec 1996 17:32:36 -0500  "Perry E. Metzger" wrote:

> > OpenBSD has added -print0 to find(1) and -0 to xargs(1), based on
> > the...
> >
> > Anyone want a re-written /etc/security that uses these?
> It won't do a damn bit of good, as it has nothing to do with the
> security problem.

I wonder if we're talking about the same things?

There were two holes in the original advisory:

1. shell metacharacter vulerability of 'ls ... | sh' code

   This can be fixed by using 'find ... -print0 | xargs -0 ls ...',
   but the current NetBSD find and xargs programs don't support these

   I have made this change here and my previous exploit doesn't even
   cause a hiccup anymore.

2. insecure temporary files

   As noted in various places mkdir is atomic, so creating a directory
   to store temporary files in (after umask has been reset) is safe if
   it succeeds.

Happy New Year,