Date: Thu, 1 Sep 2016 08:37:46 -0500 From: Matt Donovan <kitchetech@gmail.com> To: Andrii Kuzik <akuzik@gmail.com> Cc: freebsd-security <freebsd-security@freebsd.org> Subject: Re: edit others user crontab, security bug Message-ID: <CAD-N7ODdRqRsRMGGttan-JcZ9OKmE86G8kQOZ8kf%2B1fPT368og@mail.gmail.com> In-Reply-To: <CA%2Bf9Cbu8q2KngxgAmZ8BrKYyYC5okDcMAs4nd=SJS6YpBMRJcQ@mail.gmail.com> References: <CA%2Bf9Cbu8q2KngxgAmZ8BrKYyYC5okDcMAs4nd=SJS6YpBMRJcQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
So your doing it as root. Root can do that. As it has access to everything. On Sep 1, 2016 8:15 AM, "Andrii Kuzik" <akuzik@gmail.com> wrote: > Probably a lot of freebsd servers affected > > Security bug allows to edit other users crontab > > root# pw useradd -n www.promspecbud.com -g nobody -s /bin/sh -d /tmp > root# pw useradd -n www.promspecbud.com.other -g nobody -s /bin/sh -d /tmp > root# echo @daily doit baby > /tmp/test > root# crontab -u www.promspecbud.com.other /tmp/test > root# crontab -u www.promspecbud.com -l > > =====output ===== > @daily doit baby > ================= > > root#echo @daily doit baby one more time>> /tmp/test > root#sudo -u www.promspecbud.com.other crontab /tmp/test > root#sudo -u www.promspecbud.com crontab -l > =====output ===== > @daily doit baby > @daily doit baby one more time > ================= > > root# uname -a > FreeBSD kuzik 10.3-RELEASE FreeBSD 10.3-RELEASE #0 r297264: Fri Mar 25 > 02:10:02 UTC 2016 > root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 > > best regards, Andrii Kuzik > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org > " >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAD-N7ODdRqRsRMGGttan-JcZ9OKmE86G8kQOZ8kf%2B1fPT368og>