| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050406213156.GA28054@walton.maths.tcd.ie> Date: Wed, 6 Apr 2005 22:31:56 +0100 From: David Malone <dwmalone@...hs.tcd.ie> To: Karol Wi?sek <appelast@...mnbass.art.pl> Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: Re: crontab from vixie-cron allows read other users crontabs On Wed, Apr 06, 2005 at 12:00:48PM +0200, Karol Wi?sek wrote: > Details: > > Insufficient checks allows user to change during edition regular file to > symbolic link to any file. While copying crontab uses root permisions, > but also checks entrys, so attacker is only able to read properly > formated crontab files (another users crontabs). Is this not the same bug as: http://cert.uni-stuttgart.de/archive/bugtraq/2000/10/msg00326.html which was fixed in a number of OSs at the time? For example on FreeBSD you get an error that crontabs should be edited in place. David. 22:23:kac 18% setenv EDITOR /tmp/c 22:23:kac 19% crontab -e /tmp/crontab.nW9oUGhN18 $ unlink /tmp/crontab.nW9oUGhN18 $ ln -s /var/cron/tabs/root $ set -E $ ln -s /var/cron/tabs/root /tmp/crontab.nW9oUGhN18 $ exit crontab: temp file must be edited in place 22:24:kac 20% uname FreeBSD _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists