[Full-disclosure] Re: crontab from vixie-cron allows read other users crontabs

From: Richard Moore (rich_at_westpoint.ltd.uk)
Date: 04/06/05

  • Next message: : "[Full-disclosure] PopUp Plus plugin for Miranda Instant Messenger Buffer Overflow"
    Date: Wed, 06 Apr 2005 17:51:46 +0100
    To: Karol Wisek <appelast@drumnbass.art.pl>
    
    

    Karol Wisek wrote:
    > but also checks entrys, so attacker is only able to read properly
    > formated crontab files (another users crontabs).

    It should be noted that files other than crontabs are valid
    files as far as cron is concerned. This is because crontabs
    may contain variable assignments and comments. This means
    that it may be possible to read other configuration files
    or scripts that confirm to the syntax used by cron.

    Cheers

    Rich.

    -- 
    Richard Moore, Principle Software Engineer,
    Westpoint Ltd,
    Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England
    Tel: +44 161 237 1028
    Fax: +44 161 237 1031
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/
    

  • Next message: : "[Full-disclosure] PopUp Plus plugin for Miranda Instant Messenger Buffer Overflow"

    Relevant Pages

    • Re: cron(8) improvement
      ... A user was asking how to do what linux cron does, ... directory /etc/cron.d/ that packages and add files to to create crontabs. ... If the application is installing its own user they could install their ...
      (freebsd-current)
    • Re: Job Schedulers (preferably Open Source)
      ... their cron jobs may or may not be important, may or may not keep running, ... I get to go change 30 crontabs. ... > in the open source world, because cron takes up 99% of that ecological niche, ... I think you're understimating the usefulness of a true scheduling system. ...
      (comp.unix.admin)
    • Re: cron(8) improvement
      ... On Tue, Nov 5, 2013, at 11:37, Nikolai Lifanov wrote: ... A user was asking how to do what linux cron does, ... directory /etc/cron.d/ that packages and add files to to create crontabs. ...
      (freebsd-current)
    • Re: crontab from vixie-cron allows read other users crontabs
      ... > formated crontab files (another users crontabs). ... It should be noted that files other than crontabs are valid ... or scripts that confirm to the syntax used by cron. ... Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England ...
      (Bugtraq)
    • Re: Gentoo emerge weirdness
      ... the only member of group cron is cron on this box. ... Different crontabs have their own users though, ... Some of the others probably install ... installed as root. ...
      (uk.comp.os.linux)