Bug 135645 - The crontab command leaves a temp file in /var/spool/cron on CTRL-c
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: vixie-cron
Version: 3.0
Hardware: i386 Linux
Priority: medium
Severity: medium
Assigned To: Marcela Mašláňová
QA Contact: Brock Organ
Whiteboard: impact=low,public=20041013
Reported: 2004-10-13 19:55 EDT by John Caruso
Modified: 2007-11-30 17:07 EST
Fixed In Version: vixie-cron-4.1-6_EL3
Doc Type: Bug Fix
Last Closed: 2006-08-29 04:29:28 EDT
Description John Caruso 2004-10-13 19:55:31 EDT
Description of problem:
If a user runs crontab and then exits with CTRL-c, the crontab 
command will leave behind a file named "tmp.<PID>" 
in /var/spool/cron.  I've verified that this happens with current 
versions of vixie-cron on both RHEL 3 and RHAS 2.1.

Version-Release number of selected component (if applicable):
vixie-cron-3.0.1 (-75.1 on RHEL 3, -63.1 on RHAS 2.1)

How reproducible:
Run crontab and hit CTRL-c, then check the contents 
of /var/spool/cron.

Steps to Reproduce:
1. crontab
2. CTRL-c
  
Actual results:
A spurious temporary file is left behind in /var/spool/cron.

Expected results:
The crontab command cleans up after itself after a CTRL-c.

Additional info:
This is potentially a security issue since it allows a normal user to 
create files in /var/spool/cron with relatively predictable names.  
It seems that it would only be exploitable if there were a user 
named "tmp.<PID>" on the system, however, which is unlikely.
Comment 1 Jason Vas Dias 2004-10-14 11:21:20 EDT
OK, I'll fix this in the next release.
Comment 2 Jason Vas Dias 2005-06-01 19:51:00 EDT
This bug is fixed in vixie-cron-4.1-6_EL3, which should be in
RHEL-3-U6, but which meanwhile can be downloaded from:
http://people.redhat.com/~jvdias/cron/RHEL-3/4.1-6_EL3
Comment 3 Josh Bressers 2005-06-17 12:25:19 EDT
I am removing the security severity.  While this does put a file in
/var/spool/cron, you cannot control the contents of the file (empty in this
instance).
Comment 4 Marcela Mašláňová 2006-08-29 04:29:28 EDT
The bug was fixed in vixie-cron-4.1-6_EL3. 
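
The following C code is an added example; it is not part of the original report, not vixie-cron's code, and not the fix shipped in vixie-cron-4.1-6_EL3. It reproduces the leftover-file behaviour from the description with a constructed temp file and shows one way to avoid it: a SIGINT handler that unlinks the file, with `mkstemp()` replacing the predictable `tmp.<PID>` name. The function and variable names are hypothetical.

```c
/* Added example, not vixie-cron source. Names and paths are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

static char tmp_path[4096];   /* filled in before the handler is installed */

static void cleanup_on_signal(int sig)
{
    if (tmp_path[0])
        unlink(tmp_path);     /* unlink() and _exit() are async-signal-safe */
    _exit(128 + sig);
}

/* Create a temp file in dir, then simulate CTRL-c in a child process.
 * Returns 1 if the file is gone afterwards, 0 if it was left behind,
 * -1 on setup failure. The fork only lets the caller observe the result. */
int file_removed_after_sigint(const char *dir, int install_handler)
{
    char path[4096];
    struct stat st;
    snprintf(path, sizeof path, "%s/tmp.XXXXXX", dir);
    int fd = mkstemp(path);   /* random suffix, O_EXCL, mode 0600 */
    if (fd < 0) return -1;
    close(fd);
    pid_t pid = fork();
    if (pid < 0) { unlink(path); return -1; }
    if (pid == 0) {
        if (install_handler) {
            struct sigaction sa;
            memset(&sa, 0, sizeof sa);
            sa.sa_handler = cleanup_on_signal;
            sigemptyset(&sa.sa_mask);
            strcpy(tmp_path, path);
            sigaction(SIGINT, &sa, NULL);
        }
        raise(SIGINT);        /* stands in for the user's CTRL-c */
        _exit(0);             /* reached only if SIGINT was being ignored */
    }
    waitpid(pid, NULL, 0);
    int gone = (stat(path, &st) != 0);
    if (!gone) unlink(path);  /* tidy up the leftover from the unsafe run */
    return gone;
}
```

Calling it with `install_handler` set to 0 shows the reported behaviour (the file survives the interrupt); with 1 the file is removed before the process exits.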