Bugtraq mailing list archives
Re: vixie cron possible local root compromise
From: Flavio Veloso <flaviovs () MAGNUX COM BR>
Date: Fri, 16 Feb 2001 12:37:14 -0200
On Thu, 15 Feb 2001, Peter W wrote:
I can't believe how much has been written about an issue that's apparently fixed with a few lines of code. More patches, less pedantic finger pointing. Bottom line is the app does not, cannot enforce length constraints on usernames, so it needs to do proper bounds checking.
Here's the patch. It doesn't matter how big the limit of user names on the system is, it just doesn't allow people to stuff crontab with data that it can't handle. diff -Nru cron3.0pl1.orig/crontab.c cron3.0pl1/crontab.c --- cron3.0pl1.orig/crontab.c Tue Feb 13 14:39:04 2001 +++ cron3.0pl1/crontab.c Tue Feb 13 14:43:47 2001 @@ -143,6 +143,13 @@ fprintf(stderr, "bailing out.\n"); exit(ERROR_EXIT); } + if ( strlen(pw->pw_name) > (sizeof(User)-1) ) + { + fprintf(stderr, "%s: your login name is too long.\n", + ProgramName); + fprintf(stderr, "bailing out.\n"); + exit(ERROR_EXIT); + } strcpy(User, pw->pw_name); strcpy(RealUser, User); Filename[0] = '\0'; -- Flávio
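Review bot: the added length check guards only the first copy, strcpy(User, pw->pw_name); the following strcpy(RealUser, User) is still unbounded and is safe only if RealUser is at least as large as User, which these lines do not show. Suggest testing the name against the smaller of sizeof(User) and sizeof(RealUser), or replacing both strcpy calls with a bounded copy that terminates the buffer explicitly. Writing the comparison as strlen(pw->pw_name) >= sizeof(User) would also state the bound directly and avoid the subtraction on an unsigned size.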