From owner-freebsd-bugs Mon Dec 16 14:16:42 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id OAA07939 for bugs-outgoing; Mon, 16 Dec 1996 14:16:42 -0800 (PST) Received: from rover.village.org (rover.village.org [204.144.255.49]) by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id OAA07897; Mon, 16 Dec 1996 14:16:31 -0800 (PST) Received: from rover.village.org [127.0.0.1] by rover.village.org with esmtp (Exim 0.56 #1) id E0vZlKO-0005ST-00; Mon, 16 Dec 1996 15:16:04 -0700 To: Marc Slemko Subject: Re: crontab security hole Cc: Dmitry Valdov , freebsd-bugs@freebsd.org, freebsd-security@freebsd.org In-reply-to: Your message of "Mon, 16 Dec 1996 06:51:33 MST." References: Date: Mon, 16 Dec 1996 15:16:04 -0700 From: Warner Losh Message-Id: Sender: owner-bugs@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In message Marc Slemko writes: : It was fixed in -stable the other day by pst. The patch, pulled : from the CVS tree, follows. : : Index: cron/database.c : =================================================================== : RCS file: /usr/cvs/src/usr.sbin/cron/cron/database.c,v : retrieving revision 1.1.1.1 : retrieving revision 1.1.1.1.6.1 : diff -c -r1.1.1.1 -r1.1.1.1.6.1 : *** database.c 1994/08/27 13:43:03 1.1.1.1 : --- database.c 1996/12/15 20:37:47 1.1.1.1.6.1 : *************** : *** 112,119 **** : if (dp->d_name[0] == '.') : continue; : : ! (void) strcpy(fname, dp->d_name); : ! sprintf(tabname, CRON_TAB(fname)); : : process_crontab(fname, fname, tabname, : &statbuf, &new_db, old_db); : --- 112,119 ---- : if (dp->d_name[0] == '.') : continue; : : ! (void)snprintf(fname, sizeof fname, "%s", dp->d_name); : ! (void)snprintf(tabname, sizeof tabname, CRON_TAB(fname)); strncpy(fname, dp->d_name, sizeof(fname)-1 ); fname[sizeof(fname)-1] = '\0'; strncpy(tabname, CRON_TAB(fname), sizeof(tabname)-1 ); tabname[sizeof(tabname)-1] = '\0'; : process_crontab(fname, fname, tabname, : &statbuf, &new_db, old_db); ... etc ... 
would be a better fix since that doesn't involve stdio... Warner
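Review bot: both snprintf calls in the replacement lines at 112-119 discard their return value with a (void) cast, so a d_name longer than fname is silently truncated and the shortened name is still handed to process_crontab(fname, fname, tabname, ...) as the user name. Compare each return value against sizeof fname and sizeof tabname and continue to the next directory entry when the name does not fit, rather than processing a truncated name. The second call also places CRON_TAB(fname) in the format position of snprintf; a short comment stating what that macro expands to would let a reader confirm from this file alone that no directory-entry text is interpreted as a format string.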