Caldera Security Advisory SA-96.01
March 21, 1996

Topic: File deletion via /etc/crontab entries

I. Problem Description

  The system-wide crontab(5) file, /etc/crontab, contains entries
  executed by various users including root.  Some of these entries
  are intended to automatically remove old files from publicly
  writable directories such as /tmp.  It has been reported that
  the default entries in CND 1.0 can be misused by non-privileged
  users to delete arbitrary files.

II. Impact

  Any file on the system could be potentially deleted by a
  non-privileged user.

III. Solution / Workaround

  Remove entries that use 'find' on a public directory with
  '-exec rm -f' as root.  It is suggested that the following entries
  in /etc/crontab should be disabled or removed:

*******************************************************************************
# Remove /var/tmp files not accessed in 10 days
43 02 * * * root find /var/tmp/* -atime +3 -exec rm -f {} \; 2> /dev/null

# Remove /tmp files not accessed in 10 days
41 02 * * * root find /tmp/* -atime +10 -exec rm -f {} \; 2> /dev/null

# Remove formatted man pages not accessed in 10 days
39 02 * * * root find /var/catman/cat?/* -atime +10 -exec rm -f {} \; 2> /dev/n
ull

# Remove and TeX fonts not used in 10 days
35 02 * * * root find /var/lib/texmf/* -type f -atime +10 -exec rm -f {} \; 2> 
/dev/null
*******************************************************************************

  Though not tested by Caldera, the following "file garbage collector"
  has been suggested as a replacement for the above entries in
  /etc/crontab:

  http://www.ultratech.net/~zblaxell/admin_utils/filereaper.txt