Bug 135645

Summary: The crontab command leaves a temp file in /var/spool/cron on CTRL-c
Product: Red Hat Enterprise Linux 3
Reporter: John Caruso <jcaruso>
Component: vixie-cron
Assignee: Marcela Mašláňová <mmaslano>
Status: CLOSED CURRENTRELEASE
QA Contact: Brock Organ <borgan>
Severity: medium
Priority: medium    
Version: 3.0   
Hardware: i386   
OS: Linux   
Whiteboard: impact=low,public=20041013
Fixed In Version: vixie-cron-4.1-6_EL3
Doc Type: Bug Fix
Last Closed: 2006-08-29 08:29:28 UTC

Description John Caruso 2004-10-13 23:55:31 UTC
Description of problem:
If a user runs crontab and then exits with CTRL-c, the crontab 
command will leave behind a file named "tmp.<PID>" 
in /var/spool/cron.  I've verified that this happens with current 
versions of vixie-cron on both RHEL 3 and RHAS 2.1.

Version-Release number of selected component (if applicable):
vixie-cron-3.0.1 (-75.1 on RHEL 3, -63.1 on RHAS 2.1)

How reproducible:
Run crontab and hit CTRL-c, then check the contents 
of /var/spool/cron.

Steps to Reproduce:
1. crontab
2. CTRL-c
  
Actual results:
A spurious temporary file is left behind in /var/spool/cron.

Expected results:
The crontab command cleans up after itself after a CTRL-c.

Additional info:
This is potentially a security issue since it allows a normal user to 
create files in /var/spool/cron with relatively predictable names.  
It seems that it would only be exploitable if there were a user 
named "tmp.<PID>" on the system, however, which is unlikely.

Comment 1 Jason Vas Dias 2004-10-14 15:21:20 UTC
OK, I'll fix this in the next release.

Comment 2 Jason Vas Dias 2005-06-01 23:51:00 UTC
This bug is fixed in vixie-cron-4.1-6_EL3, which should be in
RHEL-3-U6, but which meanwhile can be downloaded from:
http://people.redhat.com/~jvdias/cron/RHEL-3/4.1-6_EL3

Comment 3 Josh Bressers 2005-06-17 16:25:19 UTC
I am removing the security severity.  While this does put a file in
/var/spool/cron, you cannot control the contents of the file (empty in this
instance).

Comment 4 Marcela Mašláňová 2006-08-29 08:29:28 UTC
The bug was fixed in vixie-cron-4.1-6_EL3.
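
The failure mode from the description and one generic way to avoid it, as an added example (not code from this report or from vixie-cron, whose actual fix is not shown on this page). A child process creates a temp file in a scratch directory standing in for /var/spool/cron and is interrupted by SIGINT, first with the default disposition and then with a handler that unlinks the file; `mkstemp()` is swapped in for the `tmp.<PID>` naming so the name is not predictable. All function names and the /tmp scratch path are assumptions.

```c
/* Added illustration, not vixie-cron source; all names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

static char tmp_path[4096];               /* filled in place by mkstemp() */
static void on_sigint(int sig) {
    if (tmp_path[0]) unlink(tmp_path);    /* async-signal-safe calls only */
    _exit(128 + sig);
}

/* Child: create the temp file, then receive the signal CTRL-c would send. */
static void edit_session(const char *dir, int cleanup) {
    struct sigaction sa = {0};
    sa.sa_handler = cleanup ? on_sigint : SIG_DFL;
    sigaction(SIGINT, &sa, NULL);
    snprintf(tmp_path, sizeof tmp_path, "%s/tmp.XXXXXX", dir);
    if (mkstemp(tmp_path) < 0) _exit(1);  /* random suffix, O_EXCL, mode 0600 */
    raise(SIGINT);
    _exit(0);                             /* reached only if SIGINT is blocked */
}

/* Interrupt one session in a scratch dir; return the files left behind. */
int leftovers_after_interrupt(int cleanup) {
    char dir[] = "/tmp/spool.XXXXXX", p[4096];
    int n = 0;
    pid_t pid;
    if (!mkdtemp(dir) || (pid = fork()) < 0) return -1;
    if (pid == 0) edit_session(dir, cleanup);
    waitpid(pid, NULL, 0);
    DIR *d = opendir(dir);
    for (struct dirent *e; d && (e = readdir(d)) != NULL; ) {
        if (e->d_name[0] == '.') continue;
        snprintf(p, sizeof p, "%s/%s", dir, e->d_name);
        n += (unlink(p) == 0);            /* count it, then tidy up */
    }
    if (d) closedir(d);
    rmdir(dir);
    return n;
}

int main(void) {
    printf("default SIGINT: %d left\n", leftovers_after_interrupt(0));
    printf("with handler:   %d left\n", leftovers_after_interrupt(1));
    return 0;
}
```

A production handler would also block SIGINT around the file creation and cover SIGTERM, SIGHUP and SIGQUIT, which this example leaves out.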