Bugtraq mailing list archives
Re: crontab from vixie-cron allows read other users crontabs
From: David Malone <dwmalone () maths tcd ie>
Date: Wed, 6 Apr 2005 22:31:56 +0100
On Wed, Apr 06, 2005 at 12:00:48PM +0200, Karol Więsek wrote:
> Details: Insufficient checks allow a user to change, during editing, a regular file to a symbolic link to any file. While copying, crontab uses root permissions, but it also checks entries, so an attacker is only able to read properly formatted crontab files (other users' crontabs).
Is this not the same bug as:

    http://cert.uni-stuttgart.de/archive/bugtraq/2000/10/msg00326.html

which was fixed in a number of OSs at the time? For example on FreeBSD you get an error that crontabs should be edited in place.

    David.

22:23:kac 18% setenv EDITOR /tmp/c
22:23:kac 19% crontab -e
/tmp/crontab.nW9oUGhN18
$ unlink /tmp/crontab.nW9oUGhN18
$ ln -s /var/cron/tabs/root
$ set -E
$ ln -s /var/cron/tabs/root /tmp/crontab.nW9oUGhN18
$ exit
crontab: temp file must be edited in place
22:24:kac 20% uname
FreeBSD
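
The "temp file must be edited in place" refusal in the transcript above corresponds to checking, once the editor exits, that the path still names the same file crontab created. A C sketch of such a check, added here as an example and not taken from the FreeBSD or vixie-cron source; `edited_in_place`, `demo` and the /tmp name are assumptions made for the illustration:

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if `path` still names the regular file that is open on `fd`
 * (same device and inode, not a symlink); 0 otherwise. */
int edited_in_place(int fd, const char *path)
{
    struct stat before, after;

    if (fstat(fd, &before) != 0 || lstat(path, &after) != 0)
        return 0;                   /* file vanished or cannot be checked */
    if (!S_ISREG(after.st_mode))
        return 0;                   /* symlink, FIFO, device, directory */
    return before.st_dev == after.st_dev && before.st_ino == after.st_ino;
}

/* Constructed scenario standing in for the editor step.
 * swap: 0 = file left alone, 1 = replaced by a symlink,
 *       2 = replaced by a new regular file of the same name.
 * Returns the verdict of edited_in_place(), or -1 on setup failure. */
int demo(int swap)
{
    char path[] = "/tmp/crontab-demo.XXXXXX";   /* constructed name */
    int fd = mkstemp(path), nfd, ok = -1;

    if (fd < 0)
        return -1;
    if (swap == 1 && (unlink(path) != 0 || symlink("/dev/null", path) != 0))
        goto out;
    if (swap == 2) {
        if (unlink(path) != 0 ||
            (nfd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0600)) < 0)
            goto out;
        close(nfd);
    }
    ok = edited_in_place(fd, path); /* fd stays open, so its inode cannot be reused */
out:
    unlink(path);
    close(fd);
    return ok;
}

int main(void)
{
    printf("untouched: %d, symlink: %d, new file: %d\n",
           demo(0), demo(1), demo(2));
    return 0;
}
```

A privileged caller should then read the edited contents through the descriptor it already holds rather than reopening the path, so nothing can be swapped between the check and the read.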