edit others user crontab, security bug

Ed Maste emaste at freebsd.org
Sun Sep 4 01:44:10 UTC 2016

On 3 September 2016 at 02:31, Garrett Wollman <wollman at bimajority.org> wrote:
> I see now that this was fixed by emaste@ yesterday (r305269).  I'm a
> bit disappointed that it was done using MAXLOGNAME, but looking at the
> way it's used in the code, fixing it to use the proper POSIX parameter
> {LOGIN_NAME_MAX} would require significant restructuring, ...

Yep, as I mentioned in the code review for my change I agree cron
warrants a deeper investigation and refactoring, but I wanted to get
the immediate issue fixed as soon as possible.


More information about the freebsd-security mailing list