Xref: sserve comp.os.386bsd.bugs:933 comp.os.386bsd.announce:71
Path: sserve!newshost.anu.edu.au!munnari.oz.au!uunet!gatech!howland.reston.ans.net!agate!agate!usenet
From: ats@bsd386.first.gmd.de (Andreas Schulz)
Newsgroups: comp.os.386bsd.bugs,comp.os.386bsd.announce
Subject: security hole, crontab
Followup-To: comp.os.386bsd.bugs
Date: 20 Jun 1993 18:36:06 -0700
Organization: University of California, Berkeley
Lines: 27
Sender: cgd@agate.berkeley.edu
Approved: 386bsd-announce-request@agate.berkeley.edu
Message-ID: <3641@bigfoot.first.gmd.de>
NNTP-Posting-Host: agate.berkeley.edu
Summary: breakins possible
Keywords: security, alarm
Status: R

[ NOTE: a newer version of cron with this bug fixed (and more features)
  is available via anonymous-ftp from:
    agate.berkeley.edu:pub/386BSD/386bsd-0.1/unofficial/newcron.tar.z
    sun-lamp.cs.berkeley.edu:pub/misc/newcron.tar.z
  that's an archive to gunzip+untar from /usr/src, which replaces
  "libexec/crond" and "usr.bin/crontab". recompile and install them,
  and this security hole will be gone.  -- cgd ]

I had just a breakin in my system from a normal user to the superuser.
This is on 386bsd0.1 with 0.2.3 patchkit applied. If you are security
aware, create a file "/var/cron/allow" and put the users into it that
you also trust as superuser. Or change the permissions of
/usr/bin/crontab: remove the SUID bit on it.

I will give the details out of it in personal email, but not until
Tuesday evening/Thursday morning, so that most administrators have a
chance to fix it first. And I am also not in town the next days, and
don't know if I can read mail in the time between.

-- 
ATS ( ats@first.gmd.de or ats@cs.tu-berlin.de )
Andreas Schulz   GMD-FIRST   O-1199 Berlin-Adlershof
Rudower Chaussee 5   Gebaeude 13.7   Tel: +49-30-6392-1856   Germany/Europe
-- 
Please send submissions for comp.os.386bsd.announce to: 386bsd-announce@agate.berkeley.edu
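The post names two interim mitigations: populate "/var/cron/allow" with the users you trust as superuser, or strip the SUID bit from /usr/bin/crontab. The script below is an added example, not part of the original post or of the newcron archive, that audits a host for exactly those two states. Both paths are taken as parameters so it can be exercised against a constructed fixture; the real 386BSD paths are the ones the post gives. It relies only on POSIX `test -u` (set-user-ID bit set), `test -s` and `grep`.

```shell
#!/bin/sh
# Added example (not from the original post): audit the two mitigations the
# post recommends for the 386BSD 0.1 crontab hole.
#
# cron_audit CRONTAB_BIN ALLOW_FILE
#   returns 0 when the host is in a state the post calls safe:
#     - CRONTAB_BIN is not set-user-ID, or
#     - CRONTAB_BIN is set-user-ID but ALLOW_FILE exists and is non-empty,
#       so only the users listed in it may submit crontabs.
#   returns 1 when CRONTAB_BIN is set-user-ID and no populated ALLOW_FILE
#   exists, i.e. every local user can reach the vulnerable crontab.
cron_audit() {
    crontab_bin=$1
    allow_file=$2

    if [ ! -e "$crontab_bin" ]; then
        echo "crontab binary not found at $crontab_bin; nothing to audit"
        return 0
    fi

    # POSIX test -u: true if the file exists and its set-user-ID bit is set.
    if [ ! -u "$crontab_bin" ]; then
        echo "OK: $crontab_bin is not set-user-ID"
        return 0
    fi

    if [ -s "$allow_file" ]; then
        # Count the non-empty, non-comment lines: the users permitted to run crontab.
        n=$(grep -c -v -e '^[[:space:]]*$' -e '^#' "$allow_file" || true)
        echo "OK: $crontab_bin is set-user-ID but $allow_file restricts use to $n user(s)"
        return 0
    fi

    echo "WARNING: $crontab_bin is set-user-ID and $allow_file is missing or empty"
    echo "         create the allow file with trusted users, or strip the SUID bit"
    echo "         (chmod u-s $crontab_bin) until the fixed cron is installed"
    return 1
}

# Stand-alone run against the paths named in the post.
if cron_audit /usr/bin/crontab /var/cron/allow; then
    echo "audit result: one of the recommended mitigations is in place"
else
    echo "audit result: needs attention"
fi
```

Of the two mitigations, the allow file is the less disruptive: stripping the SUID bit also stops every ordinary user from installing or editing their own crontab, since the binary needs that privilege to write into the spool directory.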