|
@Digital_Cold | |||||
|
Normally it would say this:
$ crontab newtab
You (grant) are not allowed to use this program (crontab)
See crontab(1) for more information
|
||||||
|
||||||
|
Grant Hernandez
@Digital_Cold
|
24. sij |
|
In vixie-cron, SUID crontab prevents crontab editing if /etc/cron.allow is empty. If you force the ulimit for open files to be 4, auth check is bypassed but you hit another error lower down :(
$ bash -c 'ulimit -n 4; crontab newtab'
/var/spool/cron/: mkstemp: Too many open files
|
||
|
|
||
|
Grant Hernandez
@Digital_Cold
|
24. sij |
|
This is the allowed check that is passed to the lack of error handling on fopen: github.com/svagner/vixie-…
And this is as far as the program gets with the new ulimit: github.com/svagner/vixie-…
|
||
|
|
||
|
Grant Hernandez
@Digital_Cold
|
24. sij |
|
Looks like a bug, and almost a vulnerability, but not quite. Maybe some better pwners can take this to an exploit?
|
||
|
|
||