If this is already known, my apologies. It seemed very strange that this
worked, so I thought it would be mentionable.
On many linux systems(Redhat imparticularly) updatedb is run nightly
around 1:00. When it sorts the files that find gets, it creats a few files
in /tmp called sort0<pid>000{1,2,etc}. Each is around 512k. The
first file is created and filled, then if necassary, another is created
and so on until it has your whole filesystem into a nice database. Well,
once the first file is created you can easily guess what the next filename
will be called as only the last character will change. If you create a
link to say, the shadow password file, updatedb will kindly overwrite it
for you. Ex:
<assuming updatedb is running in the background>
$ ls /tmp
sort012340000 sort012340001
$ ln -s /etc/shadow /tmp/sort012340002
<wait for awhile to give updatedb time to write to our link>
$ ls /tmp
sort012340000 sort012340001 sort012340002 sort012340003
It's done, it will now clear out it's files from /tmp. Now go look at the
shadow password file. It will be quite larger then it was before. About
512k is it's new size. I played with this for awhile but couldn't find
anyway to write anything useful to any file except /etc/shells so you can
ftp into the system no matter what your specified shell is.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:43:30 PDT