changing directory permissions recursively
Uwe Doering
gemini at geminix.org
Fri Apr 9 02:20:47 PDT 2004
Cory Petkovsek wrote:
> On Fri, Apr 09, 2004 at 08:47:07AM +0200, Uwe Doering wrote:
>
>>>cd $topdir
>>>find . -type d | xargs chmod 755
>>
>>In case (potentially) untrusted users have had write permission in this
>>directory tree in the past, a safer alternative would be
>>
>> find /path/to/tree/root -type d -print0 | xargs -0 chmod 755
>
> Please explain the "safer" difference in your eyes, Uwe. Are you thinking the
> admin might have ./ in their path?
No, but specially crafted file names can contain spaces and newlines.
Since xargs(1) by default considers whitespace to be argument separators
users can easily inject absolute paths to files somewhere else in the
filesystem and wreak havoc this way. They just have to wait until
'root' traverses over their files with 'find' and 'xargs'.
The '0' options for find(1) and xargs(1) have been introduced to counter
these attacks.
Uwe
--
Uwe Doering | EscapeBox - Managed On-Demand UNIX Servers
gemini at geminix.org | http://www.escapebox.net
More information about the freebsd-questions
mailing list