Subject: Re: CRITICAL ** Holes in default cron jobs ** CRITICAL
To: None <current-users@NetBSD.ORG>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: current-users
Date: 12/30/1996 14:35:27
>>>>> "Warner" == Warner Losh <imp@village.org> writes:
    Warner> There is a third hole that is likely to be present.  If
    Warner> you create a directory structure, say /tmp/foo/etc/passwd,
    Warner> then find will see that, and you can then race the rm by
    Warner> then switching foo to be a symlink to / so that
    Warner> /etc/passwd gets blown away.

  There seems to be a never-ending number of these things.
  I'd like to suggest that we generalize the solution by making all
the rm commands only remove files owned by root,bin,daemon. All those
simply generate a warning to root. Perhaps with a script to do the
actual rm squirrelled away somewhere.

   :!mcr!:            |  Network security consulting and 
   Michael Richardson |      contract programming
 WWW: mcr@sandelman.ottawa.on.ca. PGP key available.
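An added example, not code from the original thread or from NetBSD's cron scripts: a small POSIX sh cleanup function that avoids the find-then-rm symlink race Warner describes and, in the spirit of the suggestion above, reports rather than removes old files owned by root, bin or daemon (that reading of the suggestion is mine). It assumes a find that supports -xdev, -mindepth, -empty and -delete, which both GNU and BSD find do; the function name, the default age of three days and the directory layout in the comments are assumptions for the example.

```shell
#!/bin/sh
# safe_tmp_clean: remove stale files under a scratch directory without the
# find | rm (or find -exec rm) window that a symlink swap exploits.
#
# Why it is safer than piping find into rm:
#  * find runs without -L, so it never follows symlinks; -type f and -type d
#    match only real files and directories, and a symlink planted where a
#    directory used to be is simply not descended into;
#  * -xdev keeps the walk on the filesystem the scratch directory lives on;
#  * -delete unlinks relative to the directory find has already descended
#    into, instead of handing a full path to a separate rm process that would
#    re-resolve every component (the step the symlink swap races against).
#
# usage: safe_tmp_clean DIR [DAYS] [PROTECTED_OWNERS]
#   DIR              scratch directory to clean (must be a real directory)
#   DAYS             remove plain files not modified for more than DAYS days
#                    (default 3, an assumed value for this example)
#   PROTECTED_OWNERS space-separated owners whose files are only reported
#                    (default "root bin daemon"; pass "" to protect nobody)
safe_tmp_clean() {
    dir=$1
    days=${2:-3}
    protected=${3-root bin daemon}

    # Refuse to start on anything that is not a real directory; in particular
    # a symlink at DIR itself must never be followed.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "safe_tmp_clean: $dir is not a real directory, refusing" >&2
        return 1
    fi

    # Build the find ownership clause (-user root -o -user bin -o ...) in the
    # function's own positional parameters.
    set --
    for u in $protected; do
        if [ $# -eq 0 ]; then set -- -user "$u"; else set -- "$@" -o -user "$u"; fi
    done

    if [ $# -gt 0 ]; then
        # 1. Old files owned by protected accounts: report to the admin, leave alone.
        find "$dir" -xdev -mindepth 1 -type f -mtime +"$days" \( "$@" \) -print |
            sed 's/^/safe_tmp_clean: owned by protected account, left alone: /' >&2
        # 2. Old plain files owned by anyone else: delete in place.
        find "$dir" -xdev -mindepth 1 -type f -mtime +"$days" ! \( "$@" \) -delete
    else
        find "$dir" -xdev -mindepth 1 -type f -mtime +"$days" -delete
    fi

    # 3. Drop subdirectories that are now empty (never DIR itself, never a
    #    symlink: -type d does not match symlinks without -L). -delete implies
    #    depth-first order, so nested directories are emptied before their parent.
    find "$dir" -xdev -mindepth 1 -type d -empty -delete
}

# Run as a script: ./safe_tmp_clean.sh /tmp 3
if [ $# -gt 0 ]; then
    safe_tmp_clean "$@"
fi
```

Note that the function only treats plain files and directories; symlinks themselves are neither followed nor removed, so a planted `foo -> /` link stays behind as a visible artifact for the administrator rather than being resolved by rm.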