vixie-cron: privilege escalation
Posted Jul 22, 2006 19:48 UTC (Sat) by jfs
Parent article: vixie-cron: privilege escalation
I was surprised to see that this was fixed in Debian (before I go to maintain the cron package) as it was done by the previous maintainer (Steve Greenland) over 5 years ago! See http://svn.debian.org/wsvn/pkg-cron/trunk/?rev=153&sc=1
OpenBSD (on which OpenWall Linux is based on) fixed this (only :) 2 years ago, http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/cron/d... but FreeBSD only did so recently: http://www.freebsd.org/cgi/cvsweb.cgi/src/usr.sbin/cron/c...
and so did NetBSD: http://cvsweb.netbsd.org/bsdweb.cgi/src/usr.sbin/cron/do_...
Since Paul Vixie's cron is such a heavily-used package (by most GNU/Linux and BSD operating systems) and there's lots of patches and improvements from different vendors I wonder if all the cron maintainers should get together in order to do a proper review of what other's have patched and try to get an improved (and common) codebase.
to post comments)