[11587] in bugtraq

Re: [RHSA-1999:030-01] Buffer overflow in cron daemon

daemon@ATHENA.MIT.EDU (Todd C. Miller)
Mon Aug 30 01:17:37 1999

Message-Id:  <199908281710.LAA23080@xerxes.cs.colorado.edu>
Date:         Sat, 28 Aug 1999 11:10:35 -0600
Reply-To: "Todd C. Miller" <Todd.Miller@COURTESAN.COM>
From: "Todd C. Miller" <Todd.Miller@COURTESAN.COM>
X-To:         Michal Zalewski <lcamtuf@IDS.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  Your message of "Mon, 05 Jul 1999 03:27:32 +0200." 
              <lcamtuf.4.05.9907050313390.622-100000@nimue.ids.pl>

Why not just have sendmail run as the user who owns the crontab?
I see no credible reason to run it as root.  This is fairly simple
as do_command and cron_popen are only used to send mail anyway.

Doing sanity checks on your input is all well and good but there's
no guarantee you will catch everything.

 - todd
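
The suggestion above, sketched as an added example (not part of the original message and not taken from the cron source): the child drops to the crontab owner's identity before the mailer is exec'd, and exits rather than running the mailer if the drop fails. The names `drop_privs` and `mail_as_owner` are hypothetical, and the mailer is assumed to be given as an absolute path in `argv[0]`.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <signal.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently become uid/gid; returns 0 only if the drop is verified. */
static int drop_privs(const char *user, uid_t uid, gid_t gid)
{
    /* Order matters: supplementary groups, then gid, then uid last,
     * because after setuid() we can no longer change the others. */
    if (geteuid() == 0 && initgroups(user, gid) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    /* A non-root target must not be able to regain root. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0)) return -1;
    return (getuid() == uid && geteuid() == uid &&
            getgid() == gid && getegid() == gid) ? 0 : -1;
}

/* Run the mailer argv[] as the crontab owner with msg on its stdin.
 * Returns the mailer's exit status, 127 if the privilege drop or exec
 * failed in the child, and -1 on any other error. */
int mail_as_owner(const char *user, uid_t uid, gid_t gid,
                  char *const argv[], const char *msg)
{
    int fds[2], status;
    pid_t pid;

    if (pipe(fds) != 0) return -1;
    if ((pid = fork()) < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {
        /* Child: shed privileges before touching the mailer; fail closed. */
        if (drop_privs(user, uid, gid) != 0) _exit(127);
        close(fds[1]);
        if (fds[0] != STDIN_FILENO &&
            (dup2(fds[0], STDIN_FILENO) < 0 || close(fds[0]) != 0)) _exit(127);
        execv(argv[0], argv);            /* absolute path, no PATH search */
        _exit(127);
    }
    close(fds[0]);
    void (*old)(int) = signal(SIGPIPE, SIG_IGN);  /* mailer may exit early */
    size_t len = strlen(msg), off = 0;
    while (off < len) {
        ssize_t n = write(fds[1], msg + off, len - off);
        if (n <= 0) break;
        off += (size_t)n;
    }
    signal(SIGPIPE, old);
    close(fds[1]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```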