<<< Date Index >>>     <<< Thread Index >>>

Re: crontab from vixie-cron allows read other users crontabs



Karol Więsek wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Name:                   vixie-cron

[snip]

Details:

Insufficient checks allows user to change during edition regular file to
symbolic link to any file. While copying crontab uses root permisions,
but also checks entrys, so attacker is only able to read properly
formated crontab files (another users crontabs).

[snip]

It should be noted that this is redhat specific, not in "vixie-cron".

*sniff*

        Gadi.