New issue
Advanced search Search tips

Issue 632983 link

Starred by 2 users
Status: WontFix
Owner: ----
Closed: Jul 2016
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: Security issue related to the cron job

Reported by betbr...@gmail.com, Jul 30 2016 
Hi. I am still not sure 100% if this fits in what you're looking for, since I am really new in this field, but the symbolic link to the cron job in /etc/cron.daily google-chrome -> /opt/google/chrome/cron/google-chrome is writable by groups and world, in fact the permissions of the *symbolic* link are 777, not the actual script to which it leads to, but that still can be dangerous since it is owned by root. This happens for all the Debian based OSes. I hope that helps you out a little :) Keep up the good work.

Best regards,
Tim

Comment 1 by rickyz@chromium.org, Jul 31 2016

Labels: OS-Linux
Status: WontFix (was: Unconfirmed)
Thanks for the report. As documented at http://man7.org/linux/man-pages/man7/symlink.7.html, under "Symbolic link ownership, permissions, and timestamps" the permissions on a symbolic link will always show as 0777, but they are not actually for any permission checking, so you wouldn't be able to modify it in any way. Please let us know if you find any way to do so though :-)
Project Member

Comment 2 by sheriffbot@chromium.org, Nov 6 2016

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment