From owner-freebsd-security Tue Apr 11 04:04:52 1995 Return-Path: security-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id EAA18304 for security-outgoing; Tue, 11 Apr 1995 04:04:52 -0700 Received: from precipice.shockwave.com (precipice.shockwave.com [171.69.108.33]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id EAA18298 for ; Tue, 11 Apr 1995 04:04:51 -0700 Received: from localhost (localhost [127.0.0.1]) by precipice.shockwave.com (8.6.11/8.6.9) with SMTP id EAA00370; Tue, 11 Apr 1995 04:02:40 -0700 Message-Id: <199504111102.EAA00370@precipice.shockwave.com> To: Andrew Prendergast cc: adam@math.tau.ac.il, freebsd-security@FreeBSD.org Subject: Re: atrun hole In-reply-to: Your message of "Wed, 12 Apr 2006 05:55:17 GMT." <200604120555.FAA00940@gmurrh.ozonline.com.au> Date: Tue, 11 Apr 1995 04:02:26 -0700 From: Paul Traina Sender: security-owner@FreeBSD.org Precedence: bulk Suffice it to say that at/atrun may be used to obtain root access for a normal user. You may block this merely by disabling atrun in your cron file. From: Andrew Prendergast Subject: Re: atrun hole I missed the details.. Pleeze send me info (things like this make me somewhat >> nervous). Andrew Prendergast NetCafe Admin