LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

What of cron?

What of cron?

Posted Jul 13, 2006 17:57 UTC (Thu) by spitzak (guest, #4593)
In reply to: What of cron? by droundy
Parent article: Denial of reality vulnerabilities

But most of those programs would get an error on the first "command" it found in the file of garbage and quit at that point, never able to reach the embedded command.

I would think a program that keeps parsing text from the file, ignoring errors no matter how bad they are, is a security hole, as this shows. I would suspect that not just cron is at fault, I would look at every older Unix utility.

(Log in to post comments)

What of cron?

Posted Jul 21, 2006 5:59 UTC (Fri) by Cato (subscriber, #7643) [Link]

Exactly - the fact that cron can execute strings found in the middle of core files is a security issue and should be fixed at the same time.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds