Re: crontab and editors (was Re: Editor Priorities)
On 09-May-02, 03:23 (CDT), Manoj Srivastava <srivasta@debian.org> wrote:
> Steve> How is this broken - Other than in the presence of editors that do
> Steve> backups incorrectly. :-)
>
> The assumption that the inode has not changed is the breakage.
> I should have read the whole thread before posting (I thought there
> was a tmp race y'all were talking about), but this is still a problem...

It's not an assumption, it's a deliberate design choice by Paul Vixie,
explicitly commented as such in the code, particularly to *avoid* the
tmp race issue.

Look, it would make my life easier if it worked by re-opening the file,
which should work with any editor. But someone competent in security
issues needs to submit a patch to be audited by others in security
issues before I'll make such a change. Items to consider:

1. crontab is suid (has to be, to read/write /var/spool/cron/crontabs).
2. crontab -u otheruser (usable by root, only).
3. closing and reopening the file in any user-writable space is
   unacceptable, for obvious reasons.

Steve
--
Steve Greenland
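
The inode point in this exchange, as an added example (not part of the original messages and not code from cron): the C sketch below keeps a descriptor open on a file, simulates an editor that either rewrites in place or saves by rename, and compares the inode behind the held descriptor with the one the path now names. The scratch directory, file names and sample entry are constructed for the demo.

```c
#define _POSIX_C_SOURCE 200809L   /* for mkdtemp() and lstat() */
/* Added example: constructed demo, not code from cron itself. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if path still names the inode behind fd, 0 if it was replaced, -1 on
 * error. lstat() is used so a symlink placed at path never compares equal. */
int same_file(int fd, const char *path)
{
    struct stat held, named;
    if (fstat(fd, &held) != 0 || lstat(path, &named) != 0)
        return -1;
    return held.st_dev == named.st_dev && held.st_ino == named.st_ino;
}

/* One simulated edit. by_rename=0: the editor rewrites the file in place.
 * by_rename=1: the editor writes a new file and renames it over the old. */
int demo_edit(int by_rename)
{
    static const char entry[] = "0 * * * * true\n";  /* constructed entry */
    char dir[] = "/tmp/crontab-demo.XXXXXX";         /* hypothetical path */
    char file[64], fresh[64];
    int fd, ed, result = -1;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(file, sizeof file, "%s/crontab", dir);
    snprintf(fresh, sizeof fresh, "%s/crontab.new", dir);

    /* The caller creates the file and keeps this descriptor open throughout. */
    fd = open(file, O_RDWR | O_CREAT | O_EXCL, 0600);
    ed = open(by_rename ? fresh : file, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd >= 0 && ed >= 0 && write(ed, entry, sizeof entry - 1) > 0 &&
        (!by_rename || rename(fresh, file) == 0))
        result = same_file(fd, file);   /* compare held inode with the name */
    if (ed >= 0) close(ed);
    if (fd >= 0) close(fd);
    unlink(fresh);
    unlink(file);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("in place: %d, rename: %d\n", demo_edit(0), demo_edit(1));
    return 0;
}
```

After a save-by-rename the held descriptor still refers to the original, now unlinked, inode, so reading through it returns the pre-edit contents.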