On Mon, 1 Jul 1996, Doug Hughes wrote:
At 18:10 96-06-28, Brock Rozen wrote:
Except for the fact that that is insecure via race conditions that will allow
someone to remove any file owned by the user running the find in many
cases.
This is misinformation. If you use "-exec rm {} \;" with find
there can be such a race condition, and one that CAN be exploited
rather easily under the right circumstances, but it is this combination
that is dangerous, not find itself.
Note that it is the call to "rm" that ` ...will allow someone to
remove any file owned by the user running the find ...' and to do so
will require that the other person (the one trying to exploit the bug)
be able to write into the directory (or some parent) that find is
working on. This problem really is one of root doing
    find /tmp -exec rm {} \;
in cron, it is not a general problem with find.
I haven't followed this thread closely, but I think find is quite
workable from what I *have* read.
Be very very careful with this.. (find from cron - especially as root)
Good advice nonetheless.
cheers
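
Added example, not part of the original message or thread: a C sketch of a cleanup that avoids the race discussed above by never handing a full pathname to a separate rm. It descends through directory file descriptors and unlinks names relative to them, so a directory swapped for a symlink mid-run is refused. The names clean_fd and clean_tree are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unlink every non-directory below the directory open at dirfd.
 * Takes ownership of dirfd. Returns entries removed, or -1 on error. */
static int clean_fd(int dirfd)
{
    DIR *d = fdopendir(dirfd);
    struct dirent *e;
    int removed = 0;
    if (!d) { close(dirfd); return -1; }
    while ((e = readdir(d)) != NULL) {
        struct stat st;
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        /* Inspect the name itself, never what a symlink points at. */
        if (fstatat(dirfd, e->d_name, &st, AT_SYMLINK_NOFOLLOW)) continue;
        if (S_ISDIR(st.st_mode)) {
            /* O_NOFOLLOW fails if the name became a symlink after fstatat(). */
            int sub = openat(dirfd, e->d_name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
            int n = sub < 0 ? 0 : clean_fd(sub);
            if (n > 0) removed += n;
        } else if (unlinkat(dirfd, e->d_name, 0) == 0) {
            /* Removes the entry in this directory only; a symlink's target is untouched. */
            removed++;
        }
    }
    closedir(d);
    return removed;
}

/* Hypothetical entry point: clean the tree rooted at root. */
int clean_tree(const char *root)
{
    int fd = open(root, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    return fd < 0 ? -1 : clean_fd(fd);
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s DIR\n", argv[0]); return 2; }
    printf("%d entries removed\n", clean_tree(argv[1]));
    return 0;
}
```

Empty directories are left in place, as they would be with plain rm.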