*BSD News Article 26362


Return to BSD News archive

Path: sserve!newshost.anu.edu.au!munnari.oz.au!bunyip.cc.uq.oz.au!harbinger.cc.monash.edu.au!yeshua.marcam.com!usc!howland.reston.ans.net!EU.net!sun4nl!tuegate.tue.nl!news.win.tue.nl!wzv.win.tue.nl!gvr.win.tue.nl!guido
From: guido@gvr.win.tue.nl (Guido van Rooij)
Newsgroups: comp.os.386bsd.bugs
Subject: Re: cron..again..fix it already :)
Date: 22 Jan 1994 13:42:12 GMT
Organization: Eindhoven University of Technology, The Netherlands
Lines: 25
Message-ID: <2hrafk$c5o@wzv.win.tue.nl>
References: <2hpvvuINNf8u@dds.hacktic.nl>
NNTP-Posting-Host: gvr.win.tue.nl

cor@dds.hacktic.nl (Cor Bosman) writes:

>I was amazed to see that at least one of the _extremely_ trivial
>ways to get root on a *bsd machine still works on FreeBSD.
>A friend of mine just installed the current version, and
>just for the hell of it I tried it..and it still works..
>Maintainers of freebsd..please update the vixiecron that comes
>with it..its a very big security risk. I believe Vixie made a 
>newer, somewhat more secure version.
>Cor...

It will be commited either tonight or tomorrow by me. The reason for
me to wait was because we needed to commit another bug fix in order
for the new cron to be commited. And of course time.
All I can say about the old version is: don't use it.

>-- 
>test123

-Guido
-- 
Guido van Rooij                 |  Internet: guido@gvr.win.tue.nl
Bisschopsmolen 16               |  Phone:    ++31.40.461433
5612 DS Eindhoven               |  ((12+144+20)+3*sqrt(4))/7 
The Netherlands                 |    +(5*11)=9^2+0