[Bug 786096] VUL-1: cron does not close file descriptors before invocation of commands

https://bugzilla.novell.com/show_bug.cgi?id=786096 https://bugzilla.novell.com/show_bug.cgi?id=786096#c5 --- Comment #5 from Uwe Meyer-Gruhl 2012-10-29 17:35:54 UTC --- Initially, I did not think about the security implication, but I believe, that there actually is one: The open file and directory handles are not neccessarily already readable by users - for example with a user-specific crontab. There may be credentials in those files which are readably by cron but not by other users. So, IMO, there may be a privilege elevation issue, but those files can be seen only by the command that is being called, so the chance is slim. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.