On Wed, 6 Jun 2001, Michal Zalewski wrote: > On Wed, 6 Jun 2001, KF wrote: > > > exactly what I was thinking... crontab -e calls vi to open the users > > crontab... this is why I was wondering if it could be exploited due to > > the fact that crontab is suid. > > Not really. As long as crontab itself is not broken, it should invoke vi > without additional priviledges. While there is discussion about crontab... 'crontab' should only be suid and *no* sgid I know that, but I think it should be common practice that if You are using suids in Your software You should check both euid and egid. Just in case someone screwed something up. I saw this situation few times on Unix systems - 'crontab' was suid and sgid to root. In this situation You can use $EDITOR to execute something with euid=root. I don't know why there was sgid. Maybe the reason was one of the following: - broken RPM - bad practice:if You want to remove suid bit You simply type 'chmod a-s', but after that if You want to set that bit back You can sometimes do 'chmod a+s' instead of 'chmod u+s'. - some kind of backdoor - something wrong with the distributon itself I'am wondering if someone too saw sgid bit on the 'crontab' binary and can tell us what is the reason of that situation? --- Tomasz Grabowski (0-91)4333950 Akademickie Centrum Informatyki mailto:cadenceat_private
This archive was generated by hypermail 2b30 : Thu Jun 07 2001 - 08:29:14 PDT