Mailinglist Archive: opensuse-security (192 mails)

Re: [suse-security] temporary files created by crontab -e
  • From: "Petri Sirkkala." <petes@xxxxxxxxxxxxx>
  • Date: Thu, 4 May 2000 19:16:13 +0300 (EEST)
  • Message-id: <Pine.LNX.4.10.10005041909330.18153-100000@xxxxxxxxxxxxxxxxx>


On Thu, 4 May 2000, Roland Hilkenbach wrote:

> Hi,
> trying to create a user-crontab, I found that crontab -e creates
> temporary files in /tmp. These files take the name /tmp/crontab.xxx
> where the extension seems to be the PID of the crontab -e command and
> thus are easy to guess by other people.
> Since /tmp is writable by everyone, someone else could possibly create a
> file following this naming convention, thereby disturbing the crontab
> command. I wasn't able to smuggle data into the crontabs but this

I assume crontab checks for the file's existence _before_ creating it.
This is standard when dealing with tmp files. You might consider
reading more about system programming using tmp files. Just creating a
file in tmp _blindly_ would be dangerous (as it might overwrite another
file, possibly a link to some important file). I think crontab is
written with this in mind.

> behavior can easily be used to do a DoS since the /tmp directory has the
> sticky-Bit set.

What? No sticky bits are set at my installation. That would be a major
mistake allowing others to make files belonging to root:root. Just think
what these files could do, if made setuid too? You should double-check
your system, if someone has somehow made your tmp setgid- or setuid
something.

-Pete

>
> Regards
> Roland Hilkenbach
>
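
Added example (not part of the original mail and not crontab's own code): the thread turns on whether a guessable name such as /tmp/crontab.<pid> can be created safely, and the sketch below shows that the existence check and the creation have to be one atomic step, done with open() using O_CREAT|O_EXCL, or with mkstemp() which also picks an unpredictable name. The helper names `create_exclusive` and `demo`, the scratch directory and the pre-planted symlink are constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create `path` atomically. O_CREAT|O_EXCL makes the kernel fail with EEXIST
 * if the name already exists, including as a (dangling) symlink, so there is
 * no gap between the existence check and the creation. Returns fd or -1. */
int create_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario inside a private scratch directory: a symlink is
 * pre-planted under the guessable name crontab.<pid>. Returns 0 when the
 * guessable name is refused, the link target is left untouched, and
 * mkstemp() yields a fresh owner-only file instead. */
int demo(void) {
    char dir[] = "/tmp/tmpdemo.XXXXXX";
    char name[128], target[128], tmpl[128];
    struct stat st;
    int rc = 0, fd;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(name, sizeof name, "%s/crontab.%ld", dir, (long)getpid());
    snprintf(target, sizeof target, "%s/important", dir);
    snprintf(tmpl, sizeof tmpl, "%s/crontab.XXXXXX", dir);

    if (symlink(target, name) != 0) rc = -1;      /* pre-planted link */
    fd = create_exclusive(name);
    if (fd != -1 || errno != EEXIST) rc = -1;      /* must be refused */
    if (fd != -1) close(fd);
    if (stat(target, &st) == 0) rc = -1;           /* target not created */

    fd = mkstemp(tmpl);                            /* random name, O_EXCL */
    if (fd == -1 || fstat(fd, &st) != 0 || (st.st_mode & 077) != 0) rc = -1;
    if (fd != -1) close(fd);

    unlink(tmpl); unlink(name); unlink(target); rmdir(dir);
    return rc;
}

int main(void) {
    int rc = demo();
    puts(rc == 0 ? "exclusive create refused the planted name" : "unexpected");
    return rc;
}
```

A separate stat() or access() check followed by a plain open() leaves a window between the two calls, which is why the flags are passed in a single open().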


