From owner-freebsd-security Mon Dec 16 13:13:03 1996
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id NAA03321 for security-outgoing; Mon, 16 Dec 1996 13:13:03 -0800 (PST)
Received: from rocket.Ngbert.org (ROCKET.RES.CMU.EDU [128.2.92.143]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id NAA03315; Mon, 16 Dec 1996 13:12:59 -0800 (PST)
Received: from localhost (ayn@localhost) by rocket.Ngbert.org (8.7.5/8.7.3) with SMTP id QAA20725; Mon, 16 Dec 1996 16:09:10 -0500 (EST)
Date: Mon, 16 Dec 1996 16:09:10 -0500 (EST)
From: Andrew Y Ng
To: Dmitry Valdov
cc: freebsd-bugs@freebsd.org, freebsd-security@freebsd.org
Subject: Re: crontab security hole
In-Reply-To:
Message-ID:
Organization: Carnegie Mellon University
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Well, just disallow certain "dangerous" users from setting up cron jobs.
Or just allow some "good" users to set up cron jobs... :)

/ayn

On Mon, 16 Dec 1996, Dmitry Valdov wrote:

> Are there any fixes for crontab? I have an exploit which allows any user to become
> root using the crontab security hole.

--
Andrew Y Ng              | Carnegie Mellon University
http://andrew.Ngbert.org | ECE major, Music minor
campus ph: 412/862-2836  | voice mail: 412/268-6700 x30027
                         | talk: finger ayn@andrew.Ngbert.org
* NGBERT.ORG! *          | for online status
http://www.Ngbert.org    | finger ayn@CMU.EDU for more info...
--------------------------X-------------------------------------
NetBSD FreeBSD Linux NeXT Be Solaris !windoze
. Check three friends. If they're OK, you're it.