Caldera Security Advisory SA-96.01
March 21, 1996

Topic: File deletion via /etc/crontab entries

I. Problem Description

	The system-wide crontab(5) file, /etc/crontab, contains entries
	executed by various users including root.  Some of these entries
	are intended to automatically remove old files from publicly
	writable directories such as /tmp.  It has been reported that
	the default entries in CND 1.0 can be misused by non-privileged
	users to delete arbitrary files.

II. Impact

	Any file on the system could be potentially deleted by a
	non-privileged user.

III. Solution / Workaround

	Remove entries that use 'find' on a public directory with
	'-exec rm -f' as root.  It is suggested that the following entries
	in /etc/crontab should be disabled or removed:

*******************************************************************************
# Remove /var/tmp files not accessed in 10 days
43 02 * * * root find /var/tmp/* -atime +3 -exec rm -f {} \; 2> /dev/null

# Remove /tmp files not accessed in 10 days
41 02 * * * root find /tmp/* -atime +10 -exec rm -f {} \; 2> /dev/null

# Remove formatted man pages not accessed in 10 days
39 02 * * * root find /var/catman/cat?/* -atime +10 -exec rm -f {} \; 2> /dev/n
ull

# Remove and TeX fonts not used in 10 days
35 02 * * * root find /var/lib/texmf/* -type f -atime +10 -exec rm -f {} \; 2> 
/dev/null
*******************************************************************************

	Though not tested by Caldera, the following "file garbage collector"
	has been suggested as a replacement for the above entries in
	/etc/crontab:

	http://www.ultratech.net/~zblaxell/admin_utils/filereaper.txt