Bugtraq: Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability

From: Bill Sommerfeld <sommerfeld () orchard arlington ma us>
Date: Thu, 26 Oct 2000 16:28:10 -0400

For what it's worth, I'm unable to reproduce this problem on NetBSD;
its crontab(1) program keeps the temporary file open while the editor
runs, and then does a rewind() on it to reread it from the beginning,
so it can't be confused into reading a different file if you delete,
rename, or replace the temporary file..

                                                - Bill

By Date By Thread

Current thread:

Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability, (continued)
- Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Sergey Nenashev (Oct 25)
  - Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Fabio Pietrosanti (naif) (Oct 26)
    - Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Kris Kennaway (Oct 27)
    - Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Fabio Pietrosanti (naif) (Oct 27)
    - Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Casper Dik (Oct 27)
    - Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Bill Sommerfeld (Oct 27)
  - Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Andrey Alekseyev (Oct 26)
  - Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Robert Watson (Oct 27)