About Archive Tags RSS Feed


I should be so lucky

18 July 2006 21:50

Cron should not read and process core files, or anything else which contains non-ASCII contents. This would prevent exploits such as that used against CVE-2006-2451.

Provisional patch here:


Applies to cron version 3.0pl1-94.

Could also test file size too I guess, but that might lead to more false-positives.

If it looks reasonable I'll file it as a wishlist bug.

Updated: new patch to allow non-ASCII character sets/locales.

| No comments