|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: crontab from vixie-cron allows read other users crontabs
From: Gadi Evron (ge
linuxbox.org)
Date: Wed Apr 06 2005 - 15:24:44 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Karol Wiêsek wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Name: vixie-cron
[snip]
> Details:
>
> Insufficient checks allows user to change during edition regular file to
> symbolic link to any file. While copying crontab uses root permisions,
> but also checks entrys, so attacker is only able to read properly
> formated crontab files (another users crontabs).
[snip]
It should be noted that this is redhat specific, not in "vixie-cron".
*sniff*
Gadi.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]