4 May 2000, 21:23
Hi,

trying to create a user-crontab, I found that crontab -e creates temporary files in /tmp. These files take the name /tmp/crontab.xxx where the extension seems to be the PID of the crontab -e command and thus are easy to guess by other people. Since /tmp is writable by everyone, someone else could possibly create a file following this naming convention, thereby disturbing the crontab command. I wasn't able to smuggle data into the crontabs, but this behavior can easily be used to do a DoS since the /tmp directory has the sticky bit set.

Regards
Roland Hilkenbach
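The naming problem reported above, next to the usual fix, as an added C example that is not part of the original message and is not crontab's source. The open flags, the helper names and the scratch directory under /tmp are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Naming scheme from the post: <dir>/crontab.<pid>. The open flags are an
   assumption; O_EXCL is the safest a fixed, guessable name can get. */
int open_predictable(const char *dir, long pid, char *path, size_t len)
{
    snprintf(path, len, "%s/crontab.%ld", dir, pid);
    return open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
}

/* Hardened form: mkstemp() chooses the suffix and creates the file
   atomically with mode 0600, so the name cannot be claimed in advance. */
int open_unpredictable(const char *dir, char *path, size_t len)
{
    snprintf(path, len, "%s/crontab.XXXXXX", dir);
    return mkstemp(path);
}

/* Returns 1 if a file already sitting at the PID-based name blocks
   open_predictable() with EEXIST while open_unpredictable() still works;
   0 if not; -1 on setup failure. Uses a private scratch directory. */
int demo(void)
{
    char dir[] = "/tmp/crontab-demo.XXXXXX", taken[128], fresh[128];
    long pid = (long)getpid();
    if (mkdtemp(dir) == NULL) return -1;
    /* Constructed precondition: the PID-based name exists before we run. */
    int pre = open_predictable(dir, pid, taken, sizeof taken);
    if (pre < 0) { rmdir(dir); return -1; }
    errno = 0;
    int fd1 = open_predictable(dir, pid, taken, sizeof taken);
    int blocked = (fd1 < 0 && errno == EEXIST);
    int fd2 = open_unpredictable(dir, fresh, sizeof fresh);
    if (fd1 >= 0) close(fd1);
    if (fd2 >= 0) { close(fd2); unlink(fresh); }
    close(pre); unlink(taken); rmdir(dir);
    return blocked && fd2 >= 0;
}

int main(void)
{
    printf("predictable name blocked, mkstemp unaffected: %d\n", demo());
    return 0;
}
```

A per-user private directory (for example one created with mkdtemp()) avoids the shared /tmp namespace altogether.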