Re: vixie cron possible local root compromise

[Mate Wierdl <mw () THALES MEMPHIS EDU>]

On Wed, Feb 14, 2001 at 12:21:14PM +0100, Robert Varga wrote:
> On Mon, Feb 12, 2001 at 03:46:20PM -0800, Blake R. Swopes wrote:
> > Considering what overflows the buffer (your username), it would seem that
> > you'd need root access to begin with in order to craft an exploit. Am I
> > wrong?
>
> Well this could be used to gain root privileges on free shell-account
> servers, which don't do the proper bounds checking and the registration
> process is fully automated...

On my RedHat 7.0 box, you can add a username longer than 20
characters using standard tools:

# useradd Arnold.Schwarzenegger
# su - Arnold.Schwarzenegger
[Arnold.Schwarzenegger@thales Arnold.Schwarzenegger]$ crontab -e
Segmentation fault

I think this example negates many of the arguments in this thread,
does not it?

Mate
---
Mate Wierdl | Dept. of Math. Sciences | University of Memphis