SA-1996.01.txt
c6c4d1856682d5bf179248b26c5d60c9963b5bb4bfa36fab30f696ff23cdec66
Caldera Security Advisory SA-96.01
March 21, 1996
Topic: File deletion via /etc/crontab entries
I. Problem Description
The system-wide crontab(5) file, /etc/crontab, contains entries
executed by various users including root. Some of these entries
are intended to automatically remove old files from publicly
writable directories such as /tmp. It has been reported that
the default entries in CND 1.0 can be misused by non-privileged
users to delete arbitrary files.
II. Impact
Any file on the system could be potentially deleted by a
non-privileged user.
III. Solution / Workaround
Remove entries that use 'find' on a public directory with
'-exec rm -f' as root. It is suggested that the following entries
in /etc/crontab should be disabled or removed:
*******************************************************************************
# Remove /var/tmp files not accessed in 10 days
43 02 * * * root find /var/tmp/* -atime +3 -exec rm -f {} \; 2> /dev/null
# Remove /tmp files not accessed in 10 days
41 02 * * * root find /tmp/* -atime +10 -exec rm -f {} \; 2> /dev/null
# Remove formatted man pages not accessed in 10 days
39 02 * * * root find /var/catman/cat?/* -atime +10 -exec rm -f {} \; 2> /dev/n
ull
# Remove and TeX fonts not used in 10 days
35 02 * * * root find /var/lib/texmf/* -type f -atime +10 -exec rm -f {} \; 2>
/dev/null
*******************************************************************************
Though not tested by Caldera, the following "file garbage collector"
has been suggested as a replacement for the above entries in
/etc/crontab:
http://www.ultratech.net/~zblaxell/admin_utils/filereaper.txt