Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!agate!doc.ic.ac.uk!uknet!mcsun!sun4nl!hacktic!not-for-mail
From: cor@hacktic.nl (Cor)
Newsgroups: comp.os.386bsd.questions
Subject: crond, crontab...turn it off.
Date: 14 Sep 1993 21:43:22 +0200
Organization: Hack-Tic, networking for the masses
Lines: 17
Message-ID: <2756t8INNgfd@xs4all.hacktic.nl>
NNTP-Posting-Host: xs4all.hacktic.nl

I would suggest anyone who uses Vixie's crond to remove the suid bit on crontab(1). It is amazingly insecure. We've found at least 3 different bugs to get root, or to view any file on the system. These are trivial bugs btw.

A friend of mine is working on some patches, which he will probably email to Vixie. But I must say... we've emailed Vixie before with trivial ways to get root through his crond, and he didn't seem to have done much about it.

Please don't email me on HOW to get root. I won't say it anyways. Just remove the suid bit and yer safe. (sorta :)

Also... I guess 386bsd isn't the only OS using that crond. Feel free to warn other people :)

cor
--
| cor@hacktic.nl | Hack-Tic System Management | +31-20-6001480-3 (VMB)     |
| -------------------------------------------------------------------------|
| ######### Signature Virus Running. Contamination Complete #########      |
+--------------------------------------------------------------------------+
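
The mitigation recommended in the post above, as an added example that is not part of the original message: a POSIX shell script that reports whether a crontab binary carries the setuid bit and, on request, clears it and verifies the result. The function names, the --audit/--fix modes and the /usr/bin/crontab path in the comment are assumptions made for this example; pass the path your system actually uses.

```shell
#!/bin/sh
# Added example (not from the original post): audit or clear the setuid bit
# on crontab. Paths are passed as arguments; none are built in.

# suid_state FILE: prints "setuid", "clean" or "missing"
suid_state() {
    if [ ! -f "$1" ]; then
        echo missing
    elif [ -u "$1" ]; then      # test -u is true when the setuid bit is set
        echo setuid
    else
        echo clean
    fi
}

# strip_setuid FILE: removes the setuid bit if present and verifies the result.
# Prints "cleared", "clean" or "missing"; returns non-zero if chmod fails.
strip_setuid() {
    state=$(suid_state "$1")
    if [ "$state" != setuid ]; then
        echo "$state"
        return 0
    fi
    chmod u-s "$1" || return 1
    if [ "$(suid_state "$1")" = clean ]; then
        echo cleared
    else
        return 1
    fi
}

# main MODE FILE...: MODE is --audit (report only) or --fix (clear the bit)
main() {
    mode=$1; shift
    for f in "$@"; do
        case $mode in
            --audit) printf '%s: %s\n' "$f" "$(suid_state "$f")" ;;
            --fix)   printf '%s: %s\n' "$f" "$(strip_setuid "$f")" ;;
            *)       echo "usage: $0 --audit|--fix FILE..." >&2; return 2 ;;
        esac
    done
}

# Run only when arguments are given, e.g. (assumed path):
#   sh this.sh --audit /usr/bin/crontab
if [ "$#" -gt 0 ]; then main "$@"; fi
```

With the bit cleared, crontab(1) runs with the caller's own privileges, so unprivileged users can typically no longer install or edit their crontabs through it; root still can.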