|
|
BugTraq
crontab from vixie-cron allows read other users crontabs Apr 06 2005 10:00AM Karol Wiêsek (appelast drumnbass art pl) (3 replies) Re: crontab from vixie-cron allows read other users crontabs Apr 06 2005 09:31PM David Malone (dwmalone maths tcd ie) Re: crontab from vixie-cron allows read other users crontabs Apr 06 2005 04:51PM Richard Moore (rich westpoint ltd uk) |
|
Privacy Statement |
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Name: vixie-cron
[snip]
> Details:
>
> Insufficient checks allows user to change during edition regular file to
> symbolic link to any file. While copying crontab uses root permisions,
> but also checks entrys, so attacker is only able to read properly
> formated crontab files (another users crontabs).
[snip]
It should be noted that this is redhat specific, not in "vixie-cron".
*sniff*
Gadi.
[ reply ]