Package: cronic Version: 2-1 Severity: grave Tags: security Justification: user security hole
Hi,
It looks like cronic uses very predictable temporary files (like
/tmp/cronic.out.$$) that depends only on PID:
--
OUT=/tmp/cronic.out.$$
ERR=/tmp/cronic.err.$$
TRACE=/tmp/cronic.trace.$$
set +e
"$@" >$OUT 2>$TRACE
RESULT=$?
set -e
--
Once used in root cron job, it opens a way to write garbage to any file by
creating symlinks '/tmp/cronic.out.PID -> /etc/fstab'
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.5.0+ (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages cronic depends on:
ii bash 4.3-14+b1
cronic recommends no packages.
Versions of packages cronic suggests:
ii cron 3.0pl1-128
-- no debconf information
--
WBR, Dmitry
signature.asc
Description: PGP signature
_______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
