Create an account

Subscribe to LWN

Book review: Open Advice

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

LWN.net Weekly Edition for February 2, 2012

Weekly edition	Kernel	Security	Distributions	Contact Us	Search
Archives	Calendar	Subscribe	Write for LWN	LWN.net FAQ	Sponsors

What of cron?

What of cron?

Posted Jul 13, 2006 19:31 UTC (Thu) by hppnq (subscriber, #14462)
In reply to: What of cron? by hppnq
Parent article: Denial of reality vulnerabilities

I just didn't investigate whether cron works as designed in that case.

Yup, it does. So also in the /etc/cron.d case, a cracker would at least need to be able to manipulate the core dump's filename as well. Which requires root privileges on my system.

Again, this bug is trivially exploitable. But not by just dumping core in /etc/cron.d.

(Log in to post comments)

What of cron?

Posted Jul 14, 2006 5:23 UTC (Fri) by hppnq (subscriber, #14462) [Link]

[Nice, my own thread.]

Well, investigating a bit more turns up that indeed, dumping core in /etc/cron.d is sufficient: cron really doesn't care at all what files are called in /etc/cron.d. OMG. OMG. OMG. Jon, you were right as always.

(But really, cron's security model is *unbelievably* stupid.)

What of cron?

Posted Jul 19, 2006 7:25 UTC (Wed) by hein.zelle (guest, #33324) [Link]

Has this behaviour of cron led to any separate security advisories / fixes yet?

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds