Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
/etc/cron.d is a very different place, it has nothing to do with per-user crontabs at all.
What of cron?
Posted Jul 13, 2006 18:26 UTC (Thu) by hppnq (guest, #14462)
(By the way, I did not mean to make the problem look any less serious than it is, though. Patch!)
Posted Jul 13, 2006 19:31 UTC (Thu) by hppnq (guest, #14462)
I just didn't investigate whether cron works as designed in that case.
Yup, it does. So also in the /etc/cron.d case, a cracker would at least need to be able to manipulate the core dump's filename as well. Which requires root privileges on my system.
Again, this bug is trivially exploitable. But not by just dumping core in /etc/cron.d.
Posted Jul 14, 2006 5:23 UTC (Fri) by hppnq (guest, #14462)
Well, investigating a bit more turns up that indeed, dumping core in /etc/cron.d is sufficient: cron really doesn't care at all what files are called in /etc/cron.d. OMG. OMG. OMG. Jon, you were right as always.
(But really, cron's security model is *unbelievably* stupid.)
Posted Jul 19, 2006 7:25 UTC (Wed) by hein.zelle (guest, #33324)
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds