Red Hat Bugzilla – Bug 135645
The crontab command leaves a temp file in /var/spool/cron on CTRL-c
Last modified: 2007-11-30 17:07:04 EST
Description of problem:
If a user runs crontab and then exits with CTRL-c, the crontab
command will leave behind a file named "tmp.<PID>"
in /var/spool/cron. I've verified that this happens with current
versions of vixie-cron on both RHEL 3 and RHAS 2.1.
Version-Release number of selected component (if applicable):
vixie-cron-3.0.1 (-75.1 on RHEL 3, -63.1 on RHAS 2.1)
Run crontab and hit CTRL-c, then check the contents
Steps to Reproduce:
A spurious temporary file is left behind in /var/spool/cron.
The crontab command cleans up after itself after a CTRL-c.
This is potentially a security issue since it allows a normal user to
create files in /var/spool/cron with relatively predictable names.
It seems that it would only be exploitable if there were a user
named "tmp.<PID>" on the system, however, which is unlikely.
OK, I'll fix this in the next release.
This bug is fixed in with vixie-cron-4.1-6_EL3, which should be in
RHEL-3-U6, but which meanwhile can be downloaded from:
I am removing the security severity. While this does put a file in
/var/spool/cron, you cannot control the contents of the file (empty in this
The bug was fixed in vixie-cron-4.1-6_EL3.