On Sun, 1 Mar 1998 22:44:11 -0500, Cain wrote:
>If this is already known, my apologies. It seemed very strange that this
>worked, so I thought it would be mentionable.
>
>On many Linux systems (Redhat in particular) updatedb is run nightly
>around 1:00. When it sorts the files that find gets, it creates a few files
>in /tmp called sort0<pid>000{1,2,etc}. Each is around 512k. The
>first file is created and filled, then if necessary, another is created
>and so on until it has your whole filesystem into a nice database. Well,
>once the first file is created you can easily guess what the next filename
>will be called as only the last character will change. If you create a
>link to say, the shadow password file, updatedb will kindly overwrite it
>for you. Ex:

It should be pointed out that on Red Hat 4.2 and 5.0 updatedb runs as user
nobody by default. This is not a security issue unless you are running a
distribution at least a year old. We will be checking for the proper use of
temp files in the source also.

--
Bryan C. Andregg * <bandreggat_private> * Red Hat Software

"Donnie were much more 'user-friendly'. May be you selective about friends:-)"
        -- Levente Farkas
"Hey, wait a minute, you clowns are on dope!"
        -- Owen Cheese in 'Shakes the Clown'
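What "proper use of temp files" comes down to for the behaviour described in this thread, as an added example (not code from updatedb, sort or Red Hat): the same guessable name is opened once with `O_TRUNC` and once with `O_EXCL`, inside a private scratch directory. The directory, file names and contents are constructed for the demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

int last_open_errno;  /* errno from the temp-file open in the latest run */

/* Builds a private scratch directory holding a 9-byte "protected" file and a
 * symlink to it at a guessable temp name (all constructed for this demo),
 * then opens the temp name the way a sorting program would.
 * Returns the size of the protected file afterwards, or -1 on setup failure. */
long run_demo(int exclusive)
{
    char dir[] = "/tmp/tmpdemo.XXXXXX", target[64], guess[64];
    const char *data = "sorted data\n";                 /* 12 bytes */
    struct stat st;
    long size;
    int fd;

    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/protected", dir);
    snprintf(guess, sizeof guess, "%s/sort0123450001", dir);
    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "important", 9) != 9) return -1;
    close(fd);
    if (symlink(target, guess) != 0) return -1;

    /* Weak: O_CREAT|O_TRUNC follows the symlink and truncates its target.
     * Hardened: O_CREAT|O_EXCL fails with EEXIST when anything, a symlink
     * included, already exists at the name. */
    fd = open(guess, O_WRONLY | O_CREAT | (exclusive ? O_EXCL : O_TRUNC), 0600);
    last_open_errno = fd < 0 ? errno : 0;
    if (fd >= 0) {
        if (write(fd, data, strlen(data)) < 0) perror("write");
        close(fd);
    }
    size = stat(target, &st) == 0 ? (long)st.st_size : -1;
    unlink(guess); unlink(target); rmdir(dir);
    return size;
}
```

`mkstemp(3)` performs the same exclusive create and also picks an unpredictable name, so it is the usual replacement for a hand-built `/tmp` file name.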
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:43:37 PDT