Path: sserve!newshost.anu.edu.au!munnari.oz.au!network.ucsd.edu!swrinde!cs.utexas.edu!uunet!pipex!uknet!mcsun!sun4nl!hacktic!not-for-mail
From: cor@hacktic.nl (Cor)
Newsgroups: comp.os.386bsd.bugs
Subject: Re: security hole, crontab
Date: 21 Jun 1993 04:20:30 +0200
Organization: Hack-Tic, networking for the masses
Lines: 28
Message-ID: <2035tsINNjmn@xs4all.hacktic.nl>
References: <3641@bigfoot.first.gmd.de>
NNTP-Posting-Host: xs4all.hacktic.nl
Keywords: security, alarm

ats@bsd386.first.gmd.de (Andreas Schulz) writes:

>[ NOTE: a newer version of cron with this bug fixed (and more features)
> is available via anonymous-ftp from:
> agate.berkeley.edu:pub/386BSD/386bsd-0.1/unofficial/newcron.tar.z
> sun-lamp.cs.berkeley.edu:pub/misc/newcron.tar.z
> that's an archive to gunzip+untar from /usr/src, which replaces
> "libexec/crond" and "usr.bin/crontab". recompile and install them,
> and this security hole will be gone. -- cgd ]

>I had just a break-in in my system from a normal user to
>the superuser. This is on 386bsd0.1 with 0.2.3 patchkit applied,
>if you are security aware, create a file "/var/cron/allow" and
>put the users into it, that you also trust as superuser. Or change
>the permissions of /usr/bin/crontab, remove the SUID bit on it.

I've reported this bug a few weeks ago to vixie. I think he fixed it the
same day. Didn't think I should have reported it to any newsgroups like
this since it was too trivial :)

cor

btw...is everyone aware the old..old....OLD rdist bug works on 386bsd?

-- 
| cor@hacktic.nl | Hack-Tic System Management | +31-20-6001480-3 (VMB) |
| -------------------------------------------------------------------------|
| ######### Signature Virus Running. Contamination Complete ######### |
+--------------------------------------------------------------------------+
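The quoted reply names two stop-gap mitigations: an allow file listing the users trusted to run crontab(1), or removing the setuid bit from /usr/bin/crontab. The audit script below is an added example, not part of the original post or of either cron distribution; it checks whether at least one of those mitigations is in place, taking the binary and allow-file paths as arguments (defaulting to the ones the post names) so it can be tried against a scratch directory first. The script name `audit_crontab.sh` in the final guard is an assumed filename.

```sh
#!/bin/sh
# Audit the two crontab(1) mitigations recommended in the quoted reply:
#   1. /var/cron/allow restricts who may install crontabs, or
#   2. /usr/bin/crontab is no longer setuid root.
# Added example; not code from the post or from cron itself.

# Usage: check_crontab_hardening [crontab_binary] [allow_file]
# Prints a one-line verdict. Returns 0 when a mitigation is in place
# (or there is no crontab binary at all), 1 when the binary is setuid
# and no non-empty allow file restricts its use.
check_crontab_hardening() {
    bin="${1:-/usr/bin/crontab}"
    allow="${2:-/var/cron/allow}"

    if [ ! -f "$bin" ]; then
        echo "no crontab binary at $bin: nothing to harden"
        return 0
    fi

    # find's -perm -4000 (setuid bit set) is POSIX, so this works on
    # BSD and GNU userlands alike, unlike stat(1)'s differing flags.
    if [ -z "$(find "$bin" -perm -4000 2>/dev/null)" ]; then
        echo "$bin is not setuid: mitigation 2 in place"
        return 0
    fi

    if [ -s "$allow" ]; then
        echo "$bin is setuid; $allow restricts it to: $(tr '\n' ' ' < "$allow")"
        return 0
    fi

    echo "WARNING: $bin is setuid and $allow is missing or empty"
    return 1
}

# Audit the live system only when run as a script under the assumed
# name; sourcing the file just defines the function.
if [ "${0##*/}" = "audit_crontab.sh" ]; then
    check_crontab_hardening
fi
```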