Twitter | Pretraživanje | |
Grant Hernandez 24. sij
In vixie-cron, SUID crontab prevents crontab editing if /etc/cron.allow is empty. If you force the ulimit for open files to be 4, auth check is bypassed but you hit another error lower down :( $ bash -c 'ulimit -n 4; crontab newtab' /var/spool/cron/: mkstemp: Too many open files
Reply Retweet Označi sa "sviđa mi se"
Grant Hernandez
Normally it would say this: $ crontab newtab You (grant) are not allowed to use this program (crontab) See crontab(1) for more information
Reply Retweet Označi sa "sviđa mi se" More
Grant Hernandez 24. sij
Odgovor korisniku/ci @Digital_Cold
This is the allowed check that is passed to the lack of error handling on fopen: And this is as far as the program gets with the new ulimit:
Reply Retweet Označi sa "sviđa mi se"
Grant Hernandez 24. sij
Odgovor korisniku/ci @Digital_Cold
Looks like a bug, and almost a vulnerability, but not quite. Maybe some better pwners can take this to an exploit?
Reply Retweet Označi sa "sviđa mi se"