oss-sec mailing list archives

bcron: cron jobs get access to the temporary output files from all other jobs that are still running


From: Salvatore Bonaccorso <carnil () debian org>
Date: Wed, 16 Jan 2013 21:42:26 +0100

Hi

I haven't found if there was already a request for this.

In the Debian bug tracker it was closed [1] today. It is possible, due to a
bug in bcron-exec, that cron jobs get access to the temporary output
files from other jobs that are still running. This is also mentioned
in upstream's NEWS [2]. The commit to fix this on GitHub should be [3].
Even if it looks like bcron is not broadly used, could the above get a CVE?

 [1]: http://bugs.debian.org/686650
 [2]: http://untroubled.org/bcron/NEWS
 [3]: https://github.com/bruceg/bcron/commit/7e3b8d7a82a6712f4607aae151a3ba8843dc6c86

Regards,
Salvatore

