track the size of the directory


 
# 1  
Old 08-14-2008
track the size of the directory

hi
I am moving old files by using the following script :

find /home/ -type f -atime +10 | \
while read file
do
mv $file /tmp/old
done

The script must also track the size of the directory it is creating and stop and create a
new directory when the size is some value (e.g. the size of a CD-ROM - 50MB (to allow for the
directories)) and size limit can be easily changed.
How can I do that?
# 2  
Old 08-15-2008
?????
# 3  
Old 08-15-2008
What if I would tell you that if you run that script with root and you allow other users on your machine they could move ANY file on your machine to /tmp/old?

Let me demonstrate.

Code:
$ mkdir -p "unix/ ../etc/"
$ touch "unix/ ../etc/passwd"

Then your script...

Code:
# find . -type f | while read file; do echo mv $file /tmp/old; done
mv ./unix/ ../etc/passwd /tmp/old
#

As you can see, I was able to mv ../etc/passwd to /tmp/old. Now an attacker could use ".." or "." or even nothing depending on which directory the script was executed.

As to your question, use du to see the size of the directory and please be careful with your scripts.
# 4  
Old 08-15-2008
Someone please advise on possible simple workarounds for this issue.

this is mine:
Code:
find . -type f | while read file; do echo mv \"$file\" /tmp/old; done


Last edited by redoubtable; 08-15-2008 at 10:33 AM..
# 5  
Old 08-15-2008
Code:
du -sk /tmp/old | read blocks dummy && print $(( blocks * 1024 ))

gives the total in bytes

What redoubtable is saying -
Running as root you could have your /etc/passwd file or the shadow file
wind up in a publicly readable directory. Then a simple dictionary attack, which might take some time, would give the bad guys access to everything on your machine.

FWIW - an attacker would have to be able to see what you are doing to exploit it. But.
Your best bet is not to move files around willy-nilly when you are a privileged user, unless you are sure about what file you are moving where.

And I don't know a simple workaround. Other than creating a non-priv user with multiple group membership - then newgrp to the correct group to play with the files. Someone else does know a good one, I'm sure.
# 6  
Old 08-15-2008
Thanks, Jim.
When I run your script it says:
Can`t file file 0
# 7  
Old 08-15-2008
Mcnamara, a simple workaround is just to use ' " ' in the $file variable.

The actual problem here is that an attacker could trick the script into parsing three (old file and injected path and /tmp/old) or more parameters to "mv" instead of the desired two (old file and /tmp/old). That could be done simply by adding a space to a file name, thus breaking the $file variable into two arguments to "mv" instead of one.

Wrong vulnerable script with three arguments:
Code:
 mv file ../etc/shadow /tmp/old

Ok script with two arguments:
Code:
mv "file ../etc/shadow" /tmp/old

This is actually more serious than it looks because the error is generally done with "rm -rf" instead of "mv" (in cron entries) and enables attackers to wreck beyond all repair any system by removing/moving critical files. Furthermore the system administrator would never be able to detect why the system is losing those critical files because the error is very subtle and lots of money would be spent restoring those machines.
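
The quoting fix discussed in this thread combined with the size limit the original poster asked for, as an added example that is not part of any post above. The function name archive_old, its arguments and the BASE.1, BASE.2, ... directory naming are assumptions of the example, and BASE is assumed to lie outside SRC.

```shell
#!/bin/sh
# Added example (not from the thread). archive_old SRC BASE LIMIT_KB [DAYS]
# moves files not accessed for DAYS days into BASE.1, BASE.2, ... and starts
# a new directory whenever the next file would push one past LIMIT_KB.
archive_old() {
    src=$1 base=$2 limit_kb=$3 days=${4:-10}
    # -exec ... {} + hands every path to the inner shell as its own argv
    # entry, so names are never re-parsed as text: spaces, "../" and
    # newlines inside a name cannot turn into extra arguments.
    find "$src" -type f -atime +"$days" -exec sh -c '
        base=$1 limit_kb=$2; shift 2
        # Size in KB as reported by du -sk (first field of the first line).
        kb() { du -sk -- "$1" | awk "NR == 1 { print \$1 }"; }
        n=1
        for f do
            need=$(kb "$f")
            # Advance to the first volume with room. A missing or empty
            # volume always accepts the file, even one above the limit.
            while [ -d "$base.$n" ] &&
                  [ -n "$(ls -A "$base.$n")" ] &&
                  [ $(( $(kb "$base.$n") + need )) -gt "$limit_kb" ]
            do n=$((n + 1)); done
            # Mode 700 keeps archived files out of a publicly readable dir.
            mkdir -p -m 700 -- "$base.$n" || exit 1
            if [ -e "$base.$n/${f##*/}" ]; then
                echo "skipped (name already archived): $f" >&2
                continue
            fi
            mv -- "$f" "$base.$n/"     # quoted, and -- ends option parsing
        done
    ' sh "$base" "$limit_kb" {} +
}
```

LIMIT_KB is in the same unit as `du -sk`, so changing the size limit means changing one argument.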