Bugtraq mailing list archives
Re: vixie cron possible local root compromise
From: Peter van Dijk <peter () DATALOSS NL>
Date: Mon, 12 Feb 2001 19:47:38 +0100
On Sun, Feb 11, 2001 at 12:38:02AM +0100, Flatline wrote: [snip]
- Quick fix (diff output for crontab.c): 146c146 < strcpy(User, pw->pw_name); --- > strncpy(User, pw->pw_name, MAX_UNAME - 1);
Uhm, won't the user running crontab then get another user's crontab, if the 'stripped' username actually exists? Greetz, Peter.
Current thread:
- vixie cron possible local root compromise Flatline (Feb 12)
- Re: vixie cron possible local root compromise Blake R. Swopes (Feb 12)
- Re: vixie cron possible local root compromise Robert Varga (Feb 14)
- Re: vixie cron possible local root compromise Arthur Clune (Feb 15)
- Re: vixie cron possible local root compromise Peter W (Feb 15)
- Re: vixie cron possible local root compromise Flavio Veloso (Feb 16)
- Re: vixie cron possible local root compromise Robert Varga (Feb 14)
- Re: vixie cron possible local root compromise Mate Wierdl (Feb 15)
- Re: vixie cron possible local root compromise Blake R. Swopes (Feb 12)
- Re: vixie cron possible local root compromise Rodrigo Barbosa (aka morcego) (Feb 13)
- (CORRECTION) Re: vixie cron possible local root compromise Rodrigo Barbosa (aka morcego) (Feb 14)
- Re: vixie cron possible local root compromise Valdis Kletnieks (Feb 14)
- Re: vixie cron possible local root compromise Juergen P. Meier (Feb 15)
- Re: vixie cron possible local root compromise Nelson Brito (Feb 15)
- Re: vixie cron possible local root compromise gabriel rosenkoetter (Feb 13)
- Re: vixie cron possible local root compromise Robert Bihlmeyer (Feb 15)