Description of problem: If a user runs crontab and then exits with CTRL-c, the crontab command will leave behind a file named "tmp.<PID>" in /var/spool/cron. I've verified that this happens with current versions of vixie-cron on both RHEL 3 and RHAS 2.1. Version-Release number of selected component (if applicable): vixie-cron-3.0.1 (-75.1 on RHEL 3, -63.1 on RHAS 2.1) How reproducible: Run crontab and hit CTRL-c, then check the contents of /var/spool/cron. Steps to Reproduce: 1. crontab 2. CTRL-c Actual results: A spurious temporary file is left behind in /var/spool/cron. Expected results: The crontab command cleans up after itself after a CTRL-c. Additional info: This is potentially a security issue since it allows a normal user to create files in /var/spool/cron with relatively predictable names. It seems that it would only be exploitable if there were a user named "tmp.<PID>" on the system, however, which is unlikely.
OK, I'll fix this in the next release.
This bug is fixed in with vixie-cron-4.1-6_EL3, which should be in RHEL-3-U6, but which meanwhile can be downloaded from: http://people.redhat.com/~jvdias/cron/RHEL-3/4.1-6_EL3
I am removing the security severity. While this does put a file in /var/spool/cron, you cannot control the contents of the file (empty in this instance).
The bug was fixed in vixie-cron-4.1-6_EL3.