
Re: crontab and editors (was Re: Editor Priorities)



On 09-May-02, 03:23 (CDT), Manoj Srivastava <srivasta@debian.org> wrote: 
>  Steve> How is this broken - Other than in the presence of editors that do
>  Steve> backups incorrectly. :-)
> 
> 	The assumption that the inode has not changed is the breakage.
>  I should have read the whole thread before posting (I thought there
>  was a tmp race y'all were talking about), but this is still a problem...

It's not an assumption, it's a deliberate design choice by Paul Vixie,
explicitly commented as such in the code, particularly to *avoid* the
tmp race issue. 

Look, it would make my life easier if it worked by re-opening the file,
which should work with any editor. But someone competent in security
issues needs to submit a patch to be audited by others in security
issues before I'll make such a change. Items to consider:

1. crontab is suid (has to be, to read/write /var/spool/cron/crontabs).

2. crontab -u otheruser (usable by root, only).

3. closing and reopening the file in any user-writable space is
unacceptable, for obvious reasons.

Steve


-- 
Steve Greenland
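
The trade-off discussed in this message, as an added example (not code from cron or from the post): a program that keeps its descriptor open across the edit sees an in-place save, but not a save that writes a new file and renames it over the old name. The names `check_held_fd`, `editor_save`, `run_demo` and the sample line are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum { SAME_INODE = 0, REPLACED = 1, CHECK_ERROR = -1 };
static const char SAMPLE[] = "0 * * * * job\n"; /* constructed crontab line */

/* Compare the file behind the descriptor we kept open with whatever the path
 * names now, and report how many bytes the kept descriptor can see. Nothing
 * is opened by name here, so a swapped path cannot redirect a later read. */
static int check_held_fd(int fd, const char *path, long *held_size) {
    struct stat held, named;
    if (fstat(fd, &held) != 0 || lstat(path, &named) != 0)
        return CHECK_ERROR;
    *held_size = (long)held.st_size;
    return (held.st_dev == named.st_dev && held.st_ino == named.st_ino)
               ? SAME_INODE : REPLACED;
}

/* Constructed stand-in for an editor's save. in_place: truncate and rewrite
 * the existing inode. Otherwise: write "<path>.new" and rename it over path. */
static int editor_save(const char *path, int in_place) {
    char target[4096];
    snprintf(target, sizeof target, "%s%s", path, in_place ? "" : ".new");
    int fd = open(target, in_place ? O_WRONLY | O_TRUNC
                                   : O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, SAMPLE, strlen(SAMPLE));
    close(fd);
    if (n != (ssize_t)strlen(SAMPLE)) return -1;
    return in_place ? 0 : rename(target, path);
}

/* Create a scratch file, keep its fd across the "edit", then check it. */
int run_demo(int in_place, long *held_size) {
    char path[] = "/tmp/held_fd_demo_XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return CHECK_ERROR;
    int result = editor_save(path, in_place) == 0
                     ? check_held_fd(fd, path, held_size) : CHECK_ERROR;
    close(fd);
    unlink(path);
    return result;
}
```

With the rename-style save the held descriptor still refers to the original, empty inode, so the edit is invisible to it even though the path now names the new content.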

