Bugtraq mailing list archives
Re: FALSE ALARM: Re: Another buggy root cron job
From: bde () zeta org au (Bruce Evans)
Date: Thu, 26 Dec 1996 00:45:28 +1100
My face is very red.From /etc/weekly:echo /usr/libexec/locate.updatedb | nice -5 su -m nobody 2>&1 |\ fgrep -v 'Permission denied' It's run as nobody.
Indeed. There's a similar potential hole in mkdep. This hole is a bit larger than the one for the race in mktemp(). No one runs `make depend' or compiles things as root on public machines, right? ;-) Bruce
Current thread:
- Re: FALSE ALARM: Re: Another buggy root cron job Bruce Evans (Dec 25)