Bugtraq mailing list archives

Re: crontab from vixie-cron allows read other users crontabs

From: David Malone <dwmalone () maths tcd ie>
Date: Wed, 6 Apr 2005 22:31:56 +0100

On Wed, Apr 06, 2005 at 12:00:48PM +0200, Karol Wi?sek wrote:

Details:

Insufficient checks allows user to change during edition regular file to
symbolic link to any file. While copying crontab uses root permisions,
but also checks entrys, so attacker is only able to read properly
formated crontab files (another users crontabs).


Is this not the same bug as:

        http://cert.uni-stuttgart.de/archive/bugtraq/2000/10/msg00326.html

which was fixed in a number of OSs at the time? For example on
FreeBSD you get an error that crontabs should be edited in place.

        David.

22:23:kac 18% setenv EDITOR /tmp/c
22:23:kac 19% crontab -e
/tmp/crontab.nW9oUGhN18
$ unlink /tmp/crontab.nW9oUGhN18
$ ln -s /var/cron/tabs/root
$ set -E
$ ln -s /var/cron/tabs/root /tmp/crontab.nW9oUGhN18
$ exit
crontab: temp file must be edited in place
22:24:kac 20% uname 
FreeBSD

Current thread:

crontab from vixie-cron allows read other users crontabs Karol Więsek (Apr 06)
- Re: crontab from vixie-cron allows read other users crontabs Richard Moore (Apr 06)
- Re: crontab from vixie-cron allows read other users crontabs David Malone (Apr 07)
- Re: crontab from vixie-cron allows read other users crontabs Gadi Evron (Apr 07)