edit others user crontab, security bug
rollingbits (Lucas)
rollingbits at gmail.com
Thu Sep 1 18:10:07 UTC 2016
On Thu, Sep 1, 2016 at 10:37 AM, Matt Donovan <kitchetech at gmail.com> wrote:
> On Sep 1, 2016 8:15 AM, "Andrii Kuzik" <akuzik at gmail.com> wrote:
(...)
>> root# crontab -u www.promspecbud.com.other /tmp/test
>> root# crontab -u www.promspecbud.com -l
>
> So your doing it as root. Root can do that. As it has access to everything.
This may be obvious but I think you can not: the first cron command
requests add a crontab to user 'www.promspecbud.com.other' but the
table ends in user 'www.promspecbud.com'. Is it advertising in user
names?
--
rollingbits -- rollingbits at yahoo.com, lucasnm at ig.com.br,
rollingbits at gmail.com, rollingbits at terra.com.br, rollingbits at globo.com
More information about the freebsd-security
mailing list