Full Disclosure mailing list archives
Re: crontab from vixie-cron allows read other users crontabs
From: Gadi Evron <ge () linuxbox org>
Date: Thu, 07 Apr 2005 00:24:44 +0400
Karol Więsek wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Name: vixie-cron
[snip]
Details: Insufficient checks allows user to change during edition regular file to symbolic link to any file. While copying crontab uses root permisions, but also checks entrys, so attacker is only able to read properly formated crontab files (another users crontabs).
[snip] It should be noted that this is redhat specific, not in "vixie-cron". *sniff* Gadi. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- crontab from vixie-cron allows read other users crontabs Karol Więsek (Apr 06)
- Re: crontab from vixie-cron allows read other users crontabs Richard Moore (Apr 06)
- Re: crontab from vixie-cron allows read other users crontabs Gadi Evron (Apr 06)
- Re: crontab from vixie-cron allows read other users crontabs David Malone (Apr 06)