<<< Date Index >>>     <<< Thread Index >>>

Re: crontab from vixie-cron allows read other users crontabs



On Wed, Apr 06, 2005 at 12:00:48PM +0200, Karol Wi?sek wrote:
> Details:
> 
> Insufficient checks allows user to change during edition regular file to
> symbolic link to any file. While copying crontab uses root permisions,
> but also checks entrys, so attacker is only able to read properly
> formated crontab files (another users crontabs).

Is this not the same bug as:

        http://cert.uni-stuttgart.de/archive/bugtraq/2000/10/msg00326.html

which was fixed in a number of OSs at the time? For example on
FreeBSD you get an error that crontabs should be edited in place.

        David.

22:23:kac 18% setenv EDITOR /tmp/c
22:23:kac 19% crontab -e
/tmp/crontab.nW9oUGhN18
$ unlink /tmp/crontab.nW9oUGhN18
$ ln -s /var/cron/tabs/root
$ set -E
$ ln -s /var/cron/tabs/root /tmp/crontab.nW9oUGhN18
$ exit
crontab: temp file must be edited in place
22:24:kac 20% uname 
FreeBSD