Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: crontab from vixie-cron allows read other users crontabs
From: Gadi Evron (gelinuxbox.org)
Date: Wed Apr 06 2005 - 15:24:44 CDT
Karol WiÍsek wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Name: vixie-cron
> Insufficient checks allows user to change during edition regular file to
> symbolic link to any file. While copying crontab uses root permisions,
> but also checks entrys, so attacker is only able to read properly
> formated crontab files (another users crontabs).
It should be noted that this is redhat specific, not in "vixie-cron".