| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed Apr 6 23:27:34 2005 From: dwmalone at maths.tcd.ie (David Malone) Subject: Re: crontab from vixie-cron allows read other users crontabs On Wed, Apr 06, 2005 at 12:00:48PM +0200, Karol Wi?sek wrote: > Details: > > Insufficient checks allows user to change during edition regular file to > symbolic link to any file. While copying crontab uses root permisions, > but also checks entrys, so attacker is only able to read properly > formated crontab files (another users crontabs). Is this not the same bug as: http://cert.uni-stuttgart.de/archive/bugtraq/2000/10/msg00326.html which was fixed in a number of OSs at the time? For example on FreeBSD you get an error that crontabs should be edited in place. David. 22:23:kac 18% setenv EDITOR /tmp/c 22:23:kac 19% crontab -e /tmp/crontab.nW9oUGhN18 $ unlink /tmp/crontab.nW9oUGhN18 $ ln -s /var/cron/tabs/root $ set -E $ ln -s /var/cron/tabs/root /tmp/crontab.nW9oUGhN18 $ exit crontab: temp file must be edited in place 22:24:kac 20% uname FreeBSD
Powered by blists - more mailing lists