Author: JT Smith
At Linux Weekly News: “The crontab program is running setuser-id root and invokes the editor
specified in the EDITOR environment variable, usually vi.
If crontab discovers that the format of the edited file is incorrect, it
executes the editor again but fails to drop its root privileges before.
Therefore it is possible to execute arbitrary commands as root.
Sebastian Krahmer has found the bug. It has been fixed by properly dropping
the privileges before executing the editor.”
specified in the EDITOR environment variable, usually vi.
If crontab discovers that the format of the edited file is incorrect, it
executes the editor again but fails to drop its root privileges before.
Therefore it is possible to execute arbitrary commands as root.
Sebastian Krahmer has found the bug. It has been fixed by properly dropping
the privileges before executing the editor.”
Category:
- Linux
