FreeBSD Mail Archives

Date:      Thu, 1 Sep 2016 15:10:05 -0300
From:      "rollingbits (Lucas)" <rollingbits@gmail.com>
To:        Matt Donovan <kitchetech@gmail.com>
Cc:        Andrii Kuzik <akuzik@gmail.com>, freebsd-security <freebsd-security@freebsd.org>
Subject:   Re: edit others user crontab, security bug
Message-ID:  <CAGqZ3S1wVjJ2Q9=AfLtiewxXUj6yO%2BLwKhG34dFQcZh5WR-7cA@mail.gmail.com>
In-Reply-To: <CAD-N7ODdRqRsRMGGttan-JcZ9OKmE86G8kQOZ8kf%2B1fPT368og@mail.gmail.com>
References:  <CA%2Bf9Cbu8q2KngxgAmZ8BrKYyYC5okDcMAs4nd=SJS6YpBMRJcQ@mail.gmail.com> <CAD-N7ODdRqRsRMGGttan-JcZ9OKmE86G8kQOZ8kf%2B1fPT368og@mail.gmail.com>

On Thu, Sep 1, 2016 at 10:37 AM, Matt Donovan <kitchetech@gmail.com> wrote:
> On Sep 1, 2016 8:15 AM, "Andrii Kuzik" <akuzik@gmail.com> wrote:

(...)

>> root# crontab -u www.promspecbud.com.other /tmp/test
>> root# crontab -u www.promspecbud.com -l
>
> So your doing it as root. Root can do that.  As it has access to everything.

This may be obvious but I think you can not: the first cron command
requests add a crontab to user 'www.promspecbud.com.other' but the
table ends in user 'www.promspecbud.com'. Is it advertising in user
names?

-- 
rollingbits -- rollingbits@yahoo.com, lucasnm@ig.com.br,
rollingbits@gmail.com, rollingbits@terra.com.br, rollingbits@globo.com

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGqZ3S1wVjJ2Q9=AfLtiewxXUj6yO%2BLwKhG34dFQcZh5WR-7cA>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation