[11588] in bugtraq
Re: [RHSA-1999:030-01] Buffer overflow in cron daemon
daemon@ATHENA.MIT.EDU (Todd C. Miller)
Mon Aug 30 01:53:37 1999
Message-Id: <199908281722.LAA04510@xerxes.cs.colorado.edu>
Date: Sat, 28 Aug 1999 11:22:59 -0600
Reply-To: "Todd C. Miller" <Todd.Miller@COURTESAN.COM>
From: "Todd C. Miller" <Todd.Miller@COURTESAN.COM>
X-To: Michal Zalewski <lcamtuf@IDS.PL>, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Sat, 28 Aug 1999 11:10:35 MDT."
> Why not just have sendmail run as the user who owns the crontab?
> I see no credible reason to run it as root. This is fairly simple
> as do_command and cron_popen are only used to send mail anyway.
That should be "cron_popen is only used to send mail anyway".
- todd
