[11614] in bugtraq
Re: [RHSA-1999:030-01] Buffer overflow in cron daemon
daemon@ATHENA.MIT.EDU (Kurt Seifried)
Tue Aug 31 20:43:04 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <000d01bef2af$6a24ae60$1400010a@seifried.org>
Date: Mon, 30 Aug 1999 00:18:02 -0600
Reply-To: Kurt Seifried <listuser@seifried.org>
From: Kurt Seifried <listuser@SEIFRIED.ORG>
X-To: "Todd C. Miller" <Todd.Miller@COURTESAN.COM>,
BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> > Why not just have sendmail run as the user who owns the crontab?
> > I see no credible reason to run it as root. This is fairly
> > simple as do_command and cron_popen are only used to send mail
> > anyway.
>
> That should be "cron_popen is only used to send mail anyway".
>
> - todd
Silly question but does this crontab bug affect those of us running
qmail or postfix? I would assume yes but don't have the time to test
it. If anyone does/has I would be interested to hear.
- -Kurt Seifried
https://www.seifried.org/lasg/
http://securityportal.com/closet/
"Anyone interested in investing in a data haven satellite?"
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>
iQA/AwUBN8oiGIb9cm7tpZo3EQKMAgCgz7cqslQQAYj3mUC9Izcf15FhmqgAn32p
fcksKiSFW7A606U5YROFFqVI
=zH7d
-----END PGP SIGNATURE-----
