*BSD News Article 20962


Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!agate!doc.ic.ac.uk!uknet!mcsun!sun4nl!hacktic!not-for-mail
From: cor@hacktic.nl (Cor)
Newsgroups: comp.os.386bsd.questions
Subject: crond, crontab...turn it off.
Date: 14 Sep 1993 21:43:22 +0200
Organization: Hack-Tic, networking for the masses
Lines: 17
Message-ID: <2756t8INNgfd@xs4all.hacktic.nl>
NNTP-Posting-Host: xs4all.hacktic.nl

I would suggest anyone who uses Vixie's crond to remove the suid
bit on crontab(1). It is amazingly insecure. We've found at least
3 different bugs to get root, or to view any file on the system.
These are trivial bugs btw.
A friend of mine is working on some patches, which he will probably
email to Vixie. But I must say... we've emailed Vixie before with trivial
ways to get root through his crond, and he didn't seem to have done much
about it.  Please don't email me on HOW to get root. I won't say it anyways.
Just remove the suid bit and yer safe. (sorta :)
Also... I guess 386bsd isn't the only OS using that crond. Feel free to
warn other people :)
cor
-- 
| cor@hacktic.nl | Hack-Tic System Management | +31-20-6001480-3 (VMB)  |
| -------------------------------------------------------------------------|
|   ######### Signature Virus Running. Contamination Complete #########    |
+--------------------------------------------------------------------------+
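
The mitigation recommended in the post above, as an added example that is not part of the original post: a POSIX sh helper that reports whether crontab(1) carries the setuid bit and clears it. The function names and the default candidate paths are assumptions; pass the real location of crontab on your system as an argument.

```shell
#!/bin/sh
# Added example: report and clear the setuid bit on crontab(1) binaries.
# The default candidate paths below are assumptions, not taken from the post.

# has_suid FILE -> exit 0 if FILE is a regular, non-symlink file with setuid set.
has_suid() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -u "$1" ]
}

# strip_suid FILE -> clear setuid on FILE and print what was done.
# Returns 0 if the bit is clear afterwards (or was never set), 1 on failure.
strip_suid() {
    f=$1
    if [ -L "$f" ]; then
        # chmod follows symlinks; make the admin name the real file explicitly.
        echo "skip: $f (symlink; check its target directly)"; return 0
    fi
    if [ ! -e "$f" ]; then
        echo "skip: $f (not present)"; return 0
    fi
    if ! has_suid "$f"; then
        echo "ok:   $f (setuid not set)"; return 0
    fi
    echo "was:  $(ls -ld "$f")"
    chmod u-s "$f" || { echo "FAIL: $f (chmod failed; are you root?)"; return 1; }
    if has_suid "$f"; then
        echo "FAIL: $f (setuid still set)"; return 1
    fi
    echo "now:  $(ls -ld "$f")"
}

# audit_crontab [FILE...] -> run strip_suid over each path; nonzero if any failed.
audit_crontab() {
    rc=0
    [ $# -gt 0 ] || set -- /usr/bin/crontab /usr/sbin/crontab /bin/crontab
    for p in "$@"; do
        strip_suid "$p" || rc=1
    done
    return $rc
}
```

Source the file and run `audit_crontab` as root. With the setuid bit cleared, unprivileged users can no longer install or edit their own crontabs through crontab(1); only root can.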