cron 3.0pl1-20: URGENT SECURITY FIX
There is a major security hole in cron 3.0pl1-19 and earlier, allowing
any user to gain access to the `root' group. On many (most?) systems
this will quickly allow them to gain superuser access.
I am currently uploading cron-3.0pl1-20.deb using my 2400-baud modem.
In the meantime, please disable your cron daemon:
# killall cron
# chmod 400 /usr/sbin/cron
Ian M.: please replace the cron in the binary directory with this one
immediately. The source will arrive tomorrow - my modem is too slow
to get it uploaded today.
If you download from Incoming, please check the file size - the binary
package file is 27737 bytes.
cron (3.0pl1-20); priority=URGENT
* cron now uses initgroups when running jobs. Bug#1400. AARGH!
-- Ian Jackson <iwj10@cus.cam.ac.uk> Thu, 21 Sep 1995 01:44:11 +0100
169cec1ee4387c994798608385826363 cron-3.0pl1-20.deb
e9b26cb21aac62dcee5d443ce6dd7ab4 cron-3.0pl1-20.diff.gz
29655e14fff95cd477f1b3775d85d8d2 cron-3.0pl1-20.tar.gz
-rw-r--r-- 1 root root 27737 Sep 21 01:52 cron-3.0pl1-20.deb
-rw-rw-r-- 1 ian ian 10093 Sep 21 01:50 cron-3.0pl1-20.diff.gz
-rw-rw-r-- 1 ian ian 66738 Sep 21 01:50 cron-3.0pl1-20.tar.gz
Reply to: