[Full-disclosure] Re: crontab from vixie-cron allows read other users crontabs
From: Richard Moore (rich_at_westpoint.ltd.uk)
Date: 04/06/05
Date: Wed, 06 Apr 2005 17:51:46 +0100
To: Karol Więsek <appelast@drumnbass.art.pl>

Karol Więsek wrote:
> but also checks entries, so attacker is only able to read properly
> formatted crontab files (another users crontabs).
It should be noted that files other than crontabs are valid
files as far as cron is concerned. This is because crontabs
may contain variable assignments and comments. This means
that it may be possible to read other configuration files
or scripts that conform to the syntax used by cron.
Cheers
Rich.
--
Richard Moore, Principal Software Engineer,
Westpoint Ltd,
Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England
Tel: +44 161 237 1028
Fax: +44 161 237 1031
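
The point made in the reply above, as an added example that is not part of the original message and is not vixie-cron's own parser: an audit helper that reports whether a file's contents would pass as crontab syntax. The grammar is a simplified assumption (comments, blank lines, `NAME=value` assignments, five numeric time fields or an `@` nickname followed by a command), and all sample inputs are constructed.

```python
import re

# Simplified approximation of crontab grammar (assumption, not vixie-cron's
# real parser): month/day names such as "mon" or "jan" are not handled.
ENV_RE = re.compile(r'^[A-Za-z_][A-Za-z0-9_]*\s*=.*$')
FIELD_RE = re.compile(r'^[0-9*/,\-]+$')
NICKNAMES = {"@reboot", "@yearly", "@annually", "@monthly", "@weekly",
             "@daily", "@midnight", "@hourly"}

def classify_line(line):
    """Return 'blank', 'comment', 'env', 'entry' or 'invalid' for one line."""
    s = line.strip()
    if not s:
        return "blank"
    if s.startswith("#"):
        return "comment"
    if ENV_RE.match(s):
        return "env"
    parts = s.split()
    if parts[0] in NICKNAMES and len(parts) >= 2:
        return "entry"
    if len(parts) >= 6 and all(FIELD_RE.match(p) for p in parts[:5]):
        return "entry"
    return "invalid"

def parses_as_crontab(text):
    """True when every line is acceptable under the simplified grammar."""
    return all(classify_line(l) != "invalid" for l in text.splitlines())

# Constructed samples: a key=value config file, a shell script, a real crontab.
SAMPLE_CONFIG = """# database settings (constructed sample)
DB_USER=app
DB_PASSWORD="example-placeholder"
"""
SAMPLE_SCRIPT = """#!/bin/sh
# constructed sample
PATH=/usr/bin
echo hello
"""
SAMPLE_CRONTAB = """MAILTO=root
*/5 * * * * /usr/local/bin/job
"""

if __name__ == "__main__":
    for name, text in [("config", SAMPLE_CONFIG), ("script", SAMPLE_SCRIPT),
                       ("crontab", SAMPLE_CRONTAB)]:
        print(name, "parses as crontab:", parses_as_crontab(text))
```

A file made up only of comments and assignments, like the constructed config sample, passes the check, which is why files holding secrets in `NAME=value` form are the ones to review on affected systems.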