So your doing it as root. Root can do that. As it has access to everything.
On Sep 1, 2016 8:15 AM, "Andrii Kuzik" <aku...@gmail.com> wrote: > Probably a lot of freebsd servers affected > > Security bug allows to edit other users crontab > > root# pw useradd -n www.promspecbud.com -g nobody -s /bin/sh -d /tmp > root# pw useradd -n www.promspecbud.com.other -g nobody -s /bin/sh -d /tmp > root# echo @daily doit baby > /tmp/test > root# crontab -u www.promspecbud.com.other /tmp/test > root# crontab -u www.promspecbud.com -l > > =====output ===== > @daily doit baby > ================= > > root#echo @daily doit baby one more time>> /tmp/test > root#sudo -u www.promspecbud.com.other crontab /tmp/test > root#sudo -u www.promspecbud.com crontab -l > =====output ===== > @daily doit baby > @daily doit baby one more time > ================= > > root# uname -a > FreeBSD kuzik 10.3-RELEASE FreeBSD 10.3-RELEASE #0 r297264: Fri Mar 25 > 02:10:02 UTC 2016 > r...@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 > > best regards, Andrii Kuzik > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org > " > _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
