[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Re: FALSE ALARM: Re: Another buggy root cron job
From: Bruce Evans <bde () zeta ! org ! au>
Date: 1996-12-26 0:45:28
[Download RAW message or body]
>My face is very red.
>
>>From /etc/weekly:
>echo /usr/libexec/locate.updatedb | nice -5 su -m nobody 2>&1 |\
> fgrep -v 'Permission denied'
>
>It's run as nobody.
Indeed.
There's a similar potential hole in mkdep. This hole is a bit larger
than the one for the race in mktemp(). No one runs `make depend' or
compiles things as root on public machines, right? ;-)
Bruce
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic