From owner-freebsd-security Mon Oct 30 1:50:34 2000 Delivered-To: freebsd-security@freebsd.org Received: from epsilon.lucida.qc.ca (epsilon.lucida.qc.ca [216.95.146.6]) by hub.freebsd.org (Postfix) with SMTP id 335E637B4C5 for ; Mon, 30 Oct 2000 01:50:32 -0800 (PST) Received: (qmail 4149 invoked by uid 1000); 30 Oct 2000 09:50:31 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 30 Oct 2000 09:50:31 -0000 Date: Mon, 30 Oct 2000 04:50:30 -0500 (EST) From: Matt Heckaman X-Sender: matt@epsilon.lucida.qc.ca To: Kris Kennaway Cc: FreeBSD-SECURITY Subject: Re: crontab problem In-Reply-To: <20001030014440.A11913@citusc17.usc.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: localhost 1.6.2 0/1000/N Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks Kris, I'll pull the patch out of the archives for -audit, hopefully it's been archived already; as I don't know how often the posts are added to the archive. I'll do some testing here on a few machines and see what comes out of it. - -Matt On Mon, 30 Oct 2000, Kris Kennaway wrote: : There was a patch posted to -audit a few days ago which is yet : unreviewed but claims to address the issue. Note that we've been : unable to replicate the claimed full impact of the problem on FreeBSD : - the impact seems to be limited to reading files which are a valid : cron job syntax, meaning basically files which are entirely commented : out, or actual cron jobs (e.g. those owned by other users). Still a : problem, though. : : Kris * Matt Heckaman - mailto:matt@lucida.qc.ca http://www.lucida.qc.ca/ * * GPG fingerprint - A9BC F3A8 278E 22F2 9BDA BFCF 74C3 2D31 C035 5390 * -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: http://www.lucida.qc.ca/pgp iD8DBQE5/URndMMtMcA1U5ARAiNYAJ9O+zEMheMMSSn42u0jg3tgxXFyhwCg8TwI FREZW4YLKIBeaWVDDzTzZZ8= =C1ey -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message