
Re: crontab and editors (was Re: Editor Priorities)



>>"Matt" == Matt Zimmerman <mdz@debian.org> writes:

 Matt> After the edit is complete, crontab (the privileged parent
 Matt> process) reads the resulting file in order to write it into the
 Matt> crontabs directory.  The point is to avoid letting users trick
 Matt> crontab into reading arbitrary files and writing them into the
 Matt> user's crontab, where the user can then read them.

	How on earth are you going to prevent that? crontab /some/file
 already allows one to replace my own crontab with something else. Or
 are you claiming that crontab reads, parses, and sanitizes any file
 presented? In which case, once the user's symlink is read, do the same
 sanitation. 


	I think this is going way beyond what is required; a user can
 always present any file to crontab, and a user can easily destroy any
 files they have write access to. Preventing a cracker from tricking a
 user into destroying their own files ought to be the goal here.

	manoj
-- 
 College: The fountains of knowledge, where everyone goes to drink.
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C
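
Added example (not part of the original message and not cron's own code): a sketch of the kind of check this thread is debating, where a privileged process refuses symlinks and confirms that the object it actually opened is a regular file owned by the invoking user before reading it. The helper name `open_edited_file` and the `/tmp` sample paths are assumptions made for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: open `path` read-only on behalf of user `owner`.
 * Returns a file descriptor, or -1 if the file is not acceptable. */
int open_edited_file(const char *path, uid_t owner)
{
    struct stat st;
    /* O_NOFOLLOW: fail if the final path component is a symlink.
     * O_NONBLOCK: do not hang if the path names a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* fstat() the descriptor, not the path, so the checks apply to the
     * object that was opened and cannot be raced by a later rename. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    char target[] = "/tmp/crontab_demo_XXXXXX"; /* constructed sample file */
    char link[64];
    int tfd = mkstemp(target);
    if (tfd < 0)
        return 1;
    close(tfd);
    snprintf(link, sizeof link, "%s.lnk", target);
    if (symlink(target, link) != 0)
        return 1;
    /* Prints 1 when the file is accepted, 0 when it is refused. */
    printf("regular file accepted: %d\n", open_edited_file(target, geteuid()) >= 0);
    printf("symlink accepted:      %d\n", open_edited_file(link, geteuid()) >= 0);
    unlink(link);
    unlink(target);
    return 0;
}
```

O_NOFOLLOW only covers the last path component, so the ownership check on the opened descriptor is what stops a path that reaches someone else's file through a symlinked directory.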

