Tuesday, 18 July 2006

Cron should not read and process core files, or anything else that contains non-ASCII content. This would prevent exploits such as the one used against CVE-2006-2451.

Provisional patch here:


Applies to cron version 3.0pl1-94.

Could also test file size, I guess, but that might lead to more false positives.

If it looks reasonable I’ll file it as a wishlist bug.

Updated: new patch to allow non-ASCII character sets/locales.
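The check described above could be sketched as follows. This is an added example, not the patch referred to in this post and not code from cron itself. The function names, the rule "reject control bytes but accept bytes of 0x80 and above" (to match the note about non-ASCII locales), and the sample buffers are all assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical helper (not from cron's source): returns 1 if the buffer
 * looks like text a crontab could contain, 0 if it looks binary. */
int buffer_is_crontab_text(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        unsigned char c = buf[i];
        if (c == '\t' || c == '\n' || c == '\r')
            continue;               /* ordinary whitespace */
        if (c < 0x20 || c == 0x7f)
            return 0;               /* NUL or other control byte: binary */
        /* 0x20..0x7e is printable ASCII; bytes >= 0x80 are accepted so
         * that UTF-8 or ISO-8859 comments and arguments still load. */
    }
    return 1;
}

/* Hypothetical wrapper: scan a whole file before it reaches the parser.
 * Returns 1 = text, 0 = binary, -1 = could not open or read. */
int file_is_crontab_text(const char *path)
{
    unsigned char chunk[4096];
    size_t n;
    int ok = 1;
    FILE *fp = fopen(path, "rb");

    if (fp == NULL)
        return -1;
    while (ok && (n = fread(chunk, 1, sizeof chunk, fp)) > 0)
        ok = buffer_is_crontab_text(chunk, n);
    if (ferror(fp))
        ok = -1;
    fclose(fp);
    return ok;
}

/* Constructed samples, not taken from any real system. */
const unsigned char SAMPLE_CRONTAB[] =
    "# nightly job\n*/5 * * * * root /usr/local/bin/rotate\n";
const unsigned char SAMPLE_UTF8[] =
    "# caf\xc3\xa9 backup\n0 3 * * * root /usr/local/bin/backup\n";
const unsigned char SAMPLE_CORE[] =   /* binary header, then a text line */
    { 0x7f, 'E', 'L', 'F', 0x02, 0x01, 0x01, 0x00, 0x00, 0x00,
      '\n', '*', ' ', '*', ' ', '*', ' ', '*', ' ', '*', '\n' };
```

The whole file is rejected on the first control byte, rather than skipping unparseable lines, so a text line embedded in an otherwise binary file is never reached.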

