COMMAND

    kernel

SYSTEMS AFFECTED

    SuSE Linux 6.3 and previous

PROBLEM

    Peter_Mnster  found  following.    If  MAX_DAYS_IN_TMP   >  0   in
    /etc/rc.config on  a SuSE-Linux  system, a  local user  can delete
    arbitrary files by doing some commands like these:

        mkdir -p "/tmp/hhh /somedirectory"
        touch -t some-early-date "/tmp/hhh /somedirectory/somefile"
        sleep 1d

    The bug  is in  /etc/cron.daily/aaa_base for  SuSE version  6.3 or
    perhaps  also  in  /root/bin/cron.daily  for  older SuSE versions.
    Tested  on  SuSE  6.0  and  6.3  but  probably existent on earlier
    versions.

SOLUTION

    Nothing yet.  There  was patch sent to  public, but there was  bug
    as user could take adventage of  using find and rm to clean  /tmp,
    and that's not very smart.