From owner-freebsd-security  Tue Apr 11 04:04:52 1995
Return-Path: security-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id EAA18304
          for security-outgoing; Tue, 11 Apr 1995 04:04:52 -0700
Received: from precipice.shockwave.com (precipice.shockwave.com [171.69.108.33])
          by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id EAA18298
          for <freebsd-security@FreeBSD.org>; Tue, 11 Apr 1995 04:04:51 -0700
Received: from localhost (localhost [127.0.0.1]) by precipice.shockwave.com (8.6.11/8.6.9) with SMTP id EAA00370; Tue, 11 Apr 1995 04:02:40 -0700
Message-Id: <199504111102.EAA00370@precipice.shockwave.com>
To: Andrew Prendergast <ap@gmurrh.ozonline.com.au>
cc: adam@math.tau.ac.il, freebsd-security@FreeBSD.org
Subject: Re: atrun hole 
In-reply-to: Your message of "Wed, 12 Apr 2006 05:55:17 GMT."
             <200604120555.FAA00940@gmurrh.ozonline.com.au> 
Date: Tue, 11 Apr 1995 04:02:26 -0700
From: Paul Traina <pst@Shockwave.COM>
Sender: security-owner@FreeBSD.org
Precedence: bulk

Suffice it to say that at/atrun may be used to obtain root access for
a normal user.

You may block this merely by disabling atrun in your cron file.

  From: Andrew Prendergast <ap@gmurrh.ozonline.com.au>
  Subject: Re: atrun hole
  I missed the details.. Pleeze send me info (things like this make me somewhat
>> nervous).
  
  Andrew Prendergast
  
  NetCafe Admin