edit others user crontab, security bug

rollingbits (Lucas) rollingbits at gmail.com
Thu Sep 1 18:10:07 UTC 2016

On Thu, Sep 1, 2016 at 10:37 AM, Matt Donovan <kitchetech at gmail.com> wrote:
> On Sep 1, 2016 8:15 AM, "Andrii Kuzik" <akuzik at gmail.com> wrote:


>> root# crontab -u www.promspecbud.com.other /tmp/test
>> root# crontab -u www.promspecbud.com -l
> So your doing it as root. Root can do that.  As it has access to everything.

This may be obvious but I think you can not: the first cron command
requests add a crontab to user 'www.promspecbud.com.other' but the
table ends in user 'www.promspecbud.com'. Is it advertising in user

rollingbits -- rollingbits at yahoo.com, lucasnm at ig.com.br,
rollingbits at gmail.com, rollingbits at terra.com.br, rollingbits at globo.com

More information about the freebsd-security mailing list