Full Disclosure mailing list archives
Re: crontab from vixie-cron allows read other users crontabs
From: Richard Moore <rich () westpoint ltd uk>
Date: Wed, 06 Apr 2005 17:51:46 +0100
Karol Więsek wrote:
but also checks entrys, so attacker is only able to read properly formated crontab files (another users crontabs).
It should be noted that files other than crontabs are valid files as far as cron is concerned. This is because crontabs may contain variable assignments and comments. This means that it may be possible to read other configuration files or scripts that confirm to the syntax used by cron. Cheers Rich. -- Richard Moore, Principle Software Engineer, Westpoint Ltd, Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England Tel: +44 161 237 1028 Fax: +44 161 237 1031 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- crontab from vixie-cron allows read other users crontabs Karol Więsek (Apr 06)
- Re: crontab from vixie-cron allows read other users crontabs Richard Moore (Apr 06)
- Re: crontab from vixie-cron allows read other users crontabs Gadi Evron (Apr 06)
- Re: crontab from vixie-cron allows read other users crontabs David Malone (Apr 06)