Bugtraq
mailing list archives
Re: vixie cron possible local root compromise
From: Andrew Brown <atatat () ATATDOT NET>
Date: Mon, 12 Feb 2001 23:18:04 -0500
> When crontab has determined the name of the user calling crontab (using
> getpwuid()), the login name is stored in a 20 byte buffer using the
> strcpy() function (which does no bounds checking). 'useradd' (the utility
> used to add users to the system) however allows usernames of over 20
> characters (32 at most on my distribution).

i can see how this is an "issue", but don't you already have to be
root to get a user name longer than 20 characters? or are you just
assuming that some admins out there will fail to balk at such a
strange request?
--
|-----< "CODE WARRIOR" >-----|
codewarrior () daemon org * "ah! i see you have the internet
twofsonet () graffiti com (Andrew Brown) that goes *ping*!"
andrew () crossbar com * "information is power -- share the wealth."
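
Added example, not part of the original post and not vixie cron's own source: the copy described in the quoted report, with a length check that rejects an over-long login name instead of overflowing or truncating it. The macro LOGIN_BUF_SIZE and both function names are hypothetical; the 20 and 32 byte figures are the ones given in the thread.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define LOGIN_BUF_SIZE 20  /* size quoted in the post; macro name is hypothetical */

/* Pattern described in the post (shown only, never executed here):
 *     char user[LOGIN_BUF_SIZE];
 *     strcpy(user, pw->pw_name);     -- no bounds check
 */

/* Copy a login name into a fixed buffer. Refuse rather than truncate:
 * a truncated name could match a different account. */
int copy_login_name(char *dst, size_t dstsize, const char *name)
{
    size_t len;

    if (dst == NULL || dstsize == 0 || name == NULL)
        return -1;
    len = strlen(name);
    if (len >= dstsize) {          /* len + 1 bytes are needed for the NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, name, len + 1);
    return 0;
}

/* Resolve the calling user via getpwuid() and copy the name with the check. */
int current_login_name(char *dst, size_t dstsize)
{
    struct passwd *pw = getpwuid(getuid());

    return pw ? copy_login_name(dst, dstsize, pw->pw_name) : -1;
}

int main(void)
{
    char user[LOGIN_BUF_SIZE];
    /* Constructed sample: 32 characters, the useradd limit the poster reports. */
    const char *long_name = "abcdefghijklmnopqrstuvwxyzabcdef";

    printf("19 chars -> %d\n", copy_login_name(user, sizeof user, "abcdefghijklmnopqrs"));
    printf("32 chars -> %d\n", copy_login_name(user, sizeof user, long_name));
    if (current_login_name(user, sizeof user) == 0)
        printf("caller: %s\n", user);
    return 0;
}
```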