Shit shit shit shit shit.
This is a major security hole - see my message to debian-changes.
For the technically minded, here is what do_command.c used to say:
# if defined(BSD)
initgroups(env_get("LOGNAME", e->envp), e->gid);
# endif
I'm closing this bug report. Could someone with access to a few other
Linux systems please check them to see if they are vulnerable? If so
we should make a posting to linux-alert.
Ian.
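
One way to run the check asked for above, as an added example that is not part of the original message or of cron's source: when initgroups() is skipped, a job keeps the supplementary groups of the daemon that started it, so a job can compare the groups its process holds with those the account database grants its user. The function names and the `--check` argument are hypothetical; the script is assumed to be saved and run from an unprivileged user's crontab.

```shell
#!/bin/sh
# Added example: report supplementary groups a process holds that the
# account database does not grant to its user.

# extra_groups PROC_GIDS DB_GIDS
# Prints, space-separated, every GID in PROC_GIDS that is absent from DB_GIDS.
extra_groups() {
    extra=""
    for g in $1; do
        case " $2 " in
            *" $g "*) ;;                       # granted by the database
            *) extra="${extra:+$extra }$g" ;;  # inherited from the parent
        esac
    done
    printf '%s\n' "$extra"
}

# check_self: compare this process's group list with the database's list.
# Returns 0 when they agree, 1 when unexpected groups are present.
check_self() {
    user=$(id -un) || return 2
    proc=$(id -G) || return 2          # groups the running process holds
    db=$(id -G "$user") || return 2    # groups the database assigns the user
    extra=$(extra_groups "$proc" "$db")
    if [ -n "$extra" ]; then
        echo "uid=$(id -u) ($user): unexpected supplementary GIDs: $extra"
        return 1
    fi
    echo "uid=$(id -u) ($user): group list matches the account database"
    return 0
}

# Constructed sample: a user in groups 1000 and 100 whose job still carries
# groups 0, 1 and 6 from the daemon:
#   extra_groups "1000 100 0 1 6" "1000 100"

# Run the live check only when asked, e.g. from a crontab line.
if [ "${1:-}" = "--check" ]; then
    check_self
fi
```

A non-empty "unexpected supplementary GIDs" line in the job's mailed output means the job inherited groups it should not have.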