Hi Jeffrey, On 2023-12-02 11:39, Jeffrey Bencteux wrote: > Hi, > > Both setuid() and setgid() return values are not checked in cron's code used > to execute user-provided commands:
This issue was reported as CVD-2006-2607 and fixed a long time ago. Here's the relevant patch: https://sources.debian.org/src/cron/3.0pl1-162/debian/patches/fixes/Check-privilege-drop-results-CVE-2006-2607.patch/ Are you perhaps looking at the unpatched source? Best, Christian

