Vulnerability Development mailing list archives
crontab and sgid (was: nonsuid overflows... still at risk?)
From: Tomasz Grabowski <cadence () apollo aci com pl>
Date: Thu, 7 Jun 2001 16:14:00 +0200 (CEST)
--------------------------------------------------------------------------- To Moderator: There was very important mistake in my previous post. Please don't put my previous post to the list, instead put this one. Big sorry... --------------------------------------------------------------------------- On Wed, 6 Jun 2001, Michal Zalewski wrote:
On Wed, 6 Jun 2001, KF wrote:exactly what I was thinking... crontab -e calls vi to open the users crontab... this is why I was wondering if it could be exploited due to the fact that crontab is suid.Not really. As long as crontab itself is not broken, it should invoke vi without additional priviledges.
While there is discussion about crontab... 'crontab' should only be suid and *no* sgid I know that, but I think it should be common practice that if You are using suids in Your software You should check both euid and egid. Just in case someone screwed something up. I saw this situation few times on Unix systems - 'crontab' was suid and sgid to root. In this situation You can use $EDITOR to execute something with egid=root. I don't know why there was sgid. Maybe the reason was one of the following: - broken RPM - bad practice:if You want to remove suid bit You simply type 'chmod a-s', but after that if You want to set that bit back You can sometimes do 'chmod a+s' instead of 'chmod u+s'. - some kind of backdoor - something wrong with the distributon itself I'am wondering if someone too saw sgid bit on the 'crontab' binary and can tell us what is the reason of that situation? --- Tomasz Grabowski (0-91)4333950 Akademickie Centrum Informatyki mailto:cadence () man szczecin pl
Current thread:
- crontab and sgid (was: nonsuid overflows... still at risk?) Tomasz Grabowski (Jun 07)