Vulnerability Development mailing list archives

Re: crontab and sgid (was: nonsuid overflows... still at risk?)


From: Rafal Wojtczuk <nergal () www avet com pl>
Date: Sat, 9 Jun 2001 15:13:11 +0200 (CEST)



On Fri, 8 Jun 2001, Olaf Kirch wrote:

> On Thu, Jun 07, 2001 at 03:43:19PM +0200, Tomasz Grabowski wrote:
> > I'm wondering if someone else also saw the sgid bit on the 'crontab' binary
> > and can tell us what the reason for that situation is?
>
> In fact, Solar has suggested a patch to crontab (I believe it was his
> idea, apologies if it was in fact someone else) that makes crontab
> setgid crontab rather than setuid root. So there are valid reasons for
> a setgid crontab.
>
> I'm not sure who's using this patch right now, though.

Owl (http://www.openwall.com/Owl) installs setgid crontab by default.

Save yourself,
Nergal


