Re: crontab from vixie-cron allows read other users crontabs
On Wed, Apr 06, 2005 at 12:00:48PM +0200, Karol Wi?sek wrote:
> Details:
>
> Insufficient checks allows user to change during edition regular file to
> symbolic link to any file. While copying crontab uses root permisions,
> but also checks entrys, so attacker is only able to read properly
> formated crontab files (another users crontabs).
Is this not the same bug as:
http://cert.uni-stuttgart.de/archive/bugtraq/2000/10/msg00326.html
which was fixed in a number of OSs at the time? For example on
FreeBSD you get an error that crontabs should be edited in place.
David.
22:23:kac 18% setenv EDITOR /tmp/c
22:23:kac 19% crontab -e
/tmp/crontab.nW9oUGhN18
$ unlink /tmp/crontab.nW9oUGhN18
$ ln -s /var/cron/tabs/root
$ set -E
$ ln -s /var/cron/tabs/root /tmp/crontab.nW9oUGhN18
$ exit
crontab: temp file must be edited in place
22:24:kac 20% uname
FreeBSD