|
|
BugTraq
crontab from vixie-cron allows read other users crontabs Apr 06 2005 10:00AM Karol Wiêsek (appelast drumnbass art pl) (3 replies) Re: crontab from vixie-cron allows read other users crontabs Apr 06 2005 08:24PM Gadi Evron (ge linuxbox org) Re: crontab from vixie-cron allows read other users crontabs Apr 06 2005 04:51PM Richard Moore (rich westpoint ltd uk) |
|
Privacy Statement |
> Details:
>
> Insufficient checks allows user to change during edition regular file to
> symbolic link to any file. While copying crontab uses root permisions,
> but also checks entrys, so attacker is only able to read properly
> formated crontab files (another users crontabs).
Is this not the same bug as:
http://cert.uni-stuttgart.de/archive/bugtraq/2000/10/msg00326.html
which was fixed in a number of OSs at the time? For example on
FreeBSD you get an error that crontabs should be edited in place.
David.
22:23:kac 18% setenv EDITOR /tmp/c
22:23:kac 19% crontab -e
/tmp/crontab.nW9oUGhN18
$ unlink /tmp/crontab.nW9oUGhN18
$ ln -s /var/cron/tabs/root
$ set -E
$ ln -s /var/cron/tabs/root /tmp/crontab.nW9oUGhN18
$ exit
crontab: temp file must be edited in place
22:24:kac 20% uname
FreeBSD
[ reply ]