Bugtraq mailing list archives
Problem with default slackware crontabs
From: jon () betterthan northstar k12 ak us (Jon Snyder)
Date: Tue, 24 Dec 1996 14:34:51 -0900
Using Slackware 3.0, I noticed a problem with the default root crontab. It runs updatedb at 7:40 a.m. every day, but unforunately updatedb has a temporary file security problem--it doesn't check for symlinks (or if the file exists, for that matter). updatedb will write to /var/tmp (or /usr/tmp), and although the filename includes the PID of the shell the script is running under, a vulnerability still exists. I've taken updatedb out of my crontab, because locate is never used on my system. However, it might be wise to modify the script so as to prevent exploits from compromising your systems. Jon Snyder Student Network Technician, FNSBSD (907) 452-2000 x. 376
Current thread:
- Problem with default slackware crontabs Jon Snyder (Dec 24)
- Re: Problem with default slackware crontabs Jared Mauch (Dec 24)
- Re: Problem with default slackware crontabs, /tmp symlinks Jon Snyder (Dec 24)
- Re: Problem with default slackware crontabs, /tmp symlinks Marc Slemko (Dec 24)
- Re: Problem with default slackware crontabs, /tmp symlinks Jon Snyder (Dec 24)
- <Possible follow-ups>
- Re: Problem with default slackware crontabs Andi Gutmans (Dec 25)
- Re: Problem with default slackware crontabs Jared Mauch (Dec 24)