Perhaps I'm missing something here, but couldn't it be regarded as a bug in cron that it doesn't do a basic sanity check on its configuration files, to ensure that they are actually text files...? In which case, what turns the security problem from a DoS into an easy root-hole is the interaction of two bugs, rather than either bug in isolation... ouch.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds