Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1996_4

Bugtraq archives for 4th quarter (Oct-Dec) 1996: Problem with default slackware crontabs

Problem with default slackware crontabs

Jon Snyder (jonbetterthan.northstar.k12.ak.us)
Tue, 24 Dec 1996 14:34:51 -0900

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Aleph One: "jj cgi"
Previous message: SGI Security Coordinator: "Re: mktemp() and friends"
Next in thread: Jared Mauch: "Re: Problem with default slackware crontabs"

Using Slackware 3.0, I noticed a problem with the default root crontab.  It
runs updatedb at 7:40 a.m. every day, but unforunately updatedb has a
temporary file security problem--it doesn't check for symlinks (or if the
file exists, for that matter).  updatedb will write to /var/tmp (or
/usr/tmp), and although the filename includes the PID of the shell the
script is running under, a vulnerability still exists.  I've taken updatedb
out of my crontab, because locate is never used on my system.  However, it
might be wise to modify the script so as to prevent exploits from
compromising your systems.


Jon Snyder
Student Network Technician, FNSBSD
(907) 452-2000 x. 376

Next message: Aleph One: "jj cgi"
Previous message: SGI Security Coordinator: "Re: mktemp() and friends"
Next in thread: Jared Mauch: "Re: Problem with default slackware crontabs"