oss-sec mailing list archives
bcron: cron jobs get access to the temporary output files from all other jobs that are still running
From: Salvatore Bonaccorso <carnil () debian org>
Date: Wed, 16 Jan 2013 21:42:26 +0100
Hi,

I haven't found if there was already a request for this. In the Debian Bugtracker it was closed [1] today.

It is possible due to a bug in bcron-exec that cron jobs get access to the temporary output files from other jobs that are still running.

This is also mentioned in upstream's NEWS [2]. The commit to fix this on GitHub should be [3].

Even if it looks like bcron is not broadly used, could the above get a CVE?

[1]: http://bugs.debian.org/686650
[2]: http://untroubled.org/bcron/NEWS
[3]: https://github.com/bruceg/bcron/commit/7e3b8d7a82a6712f4607aae151a3ba8843dc6c86

Regards,
Salvatore