[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: crontab and editors (was Re: Editor Priorities)

>>"Matt" == Matt Zimmerman <mdz@debian.org> writes:

 Matt> After the edit is complete, crontab (the privileged parent
 Matt> process) reads the resulting file in order to write it into the
 Matt> crontabs directory.  The point is to avoid letting users trick
 Matt> crontab into reading arbitrary files and writing them into the
 Matt> user's crontab, where the user can then read them.

	How on earth are you going to prevent that? crontab /some/file
 already allows one to replace my own crontab with something else. Or
 are you claiming that crontab reads, parses, and sanitizes any file
 presented? In which case, once the users symlink is read, do the same

	I think this is going way beyond what is required; a user can
 always present any file to crontab, and a suer can easily destroy any
 files they have write access to. Preventing a cracker from tricking a
 user into destroying their own files ought to bge the goal here.

 College: The fountains of knowledge, where everyone goes to drink.
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: