edit others user crontab, security bug
Ed Maste
emaste at freebsd.org
Sun Sep 4 01:44:10 UTC 2016
On 3 September 2016 at 02:31, Garrett Wollman <wollman at bimajority.org> wrote:
>
> I see now that this was fixed by emaste@ yesterday (r305269). I'm a
> bit disappointed that it was done using MAXLOGNAME, but looking at the
> way it's used in the code, fixing it to use the proper POSIX parameter
> {LOGIN_NAME_MAX} would require significant restructuring, ...
Yep, as I mentioned in the code review for my change I agree cron
warrants a deeper investigation and refactoring, but I wanted to get
the immediate issue fixed as soon as possible.
-Ed
More information about the freebsd-security
mailing list