Bugtraq mailing list archives
Re: [RHSA-1999:030-01] Buffer overflow in cron daemon
From: Todd.Miller () COURTESAN COM (Todd C. Miller)
Date: Sat, 28 Aug 1999 11:10:35 -0600
Why not just have sendmail run as the user who owns the crontab? I see no credible reason to run it as root. This is fairly simple as do_command and cron_popen are only used to send mail anyway. Doing sanity checks on your input is all well and good but there's no guarantee you will catch everything. - todd
Current thread:
- [RHSA-1999:030-01] Buffer overflow in cron daemon Bill Nottingham (Aug 25)
- Re: [RHSA-1999:030-01] Buffer overflow in cron daemon Michal Zalewski (Jul 04)
- Re: [RHSA-1999:030-01] Buffer overflow in cron daemon Todd C. Miller (Aug 28)
- Re: [RHSA-1999:030-01] Buffer overflow in cron daemon Kurt Seifried (Aug 29)
- Re: [RHSA-1999:030-01] Buffer overflow in cron daemon Olaf Kirch (Aug 26)
- Re: [RHSA-1999:030-01] Buffer overflow in cron daemon Sam Carter (Aug 27)
- Re: [RHSA-1999:030-01] Buffer overflow in cron daemon Adam Morrison (Aug 29)
- <Possible follow-ups>
- Re: [RHSA-1999:030-01] Buffer overflow in cron daemon Todd C. Miller (Aug 28)
- Re: [RHSA-1999:030-01] Buffer overflow in cron daemon Michal Zalewski (Jul 04)