COMMAND

    crontab

SYSTEM AFFECTED

    Linux Slackware 3.0

PROBLEM


    When  using  Slackware  3.0,  You  can  notice  a problem with the
    default root crontab.   It runs updatedb  at 7:40 a.m.  every day,
    but  unforunately   updatedb  has   a  temporary   file   security
    problem--it doesn't  check for  symlinks (or  if the  file exists,
    for that matter).  updatedb will write to /var/tmp (or  /usr/tmp),
    and  although  the  filename  includes  the  PID  of the shell the
    script is  running under,  a vulnerability  still exists.   Credit
    for this discovery goes to Jon Snyder.

SOLUTION

    Move out updatedb from your crontab.