Bugtraq mailing list archives
Re: [RHSA-1999:030-01] Buffer overflow in cron daemon
From: listuser () SEIFRIED ORG (Kurt Seifried)
Date: Mon, 30 Aug 1999 00:18:02 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Why not just have sendmail run as the user who owns the crontab? I see no credible reason to run it as root. This is fairly simple as do_command and cron_popen are only used to send mail anyway.That should be "cron_popen is only used to send mail anyway". - todd
Silly question but does this crontab bug affect those of us running qmail or postfix? I would assume yes but don't have the time to test it. If anyone does/has I would be interested to hear. - -Kurt Seifried https://www.seifried.org/lasg/ http://securityportal.com/closet/ "Anyone interested in investing in a data haven satellite?" -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com> iQA/AwUBN8oiGIb9cm7tpZo3EQKMAgCgz7cqslQQAYj3mUC9Izcf15FhmqgAn32p fcksKiSFW7A606U5YROFFqVI =zH7d -----END PGP SIGNATURE-----
Current thread:
- [RHSA-1999:030-01] Buffer overflow in cron daemon Bill Nottingham (Aug 25)
- Re: [RHSA-1999:030-01] Buffer overflow in cron daemon Michal Zalewski (Jul 04)
- Re: [RHSA-1999:030-01] Buffer overflow in cron daemon Todd C. Miller (Aug 28)
- Re: [RHSA-1999:030-01] Buffer overflow in cron daemon Kurt Seifried (Aug 29)
- Re: [RHSA-1999:030-01] Buffer overflow in cron daemon Olaf Kirch (Aug 26)
- Re: [RHSA-1999:030-01] Buffer overflow in cron daemon Sam Carter (Aug 27)
- Re: [RHSA-1999:030-01] Buffer overflow in cron daemon Adam Morrison (Aug 29)
- <Possible follow-ups>
- Re: [RHSA-1999:030-01] Buffer overflow in cron daemon Todd C. Miller (Aug 28)
- Re: [RHSA-1999:030-01] Buffer overflow in cron daemon Michal Zalewski (Jul 04)