Re: crontab and editors (was Re: Editor Priorities)
>>"Matt" == Matt Zimmerman <firstname.lastname@example.org> writes:
Matt> After the edit is complete, crontab (the privileged parent
Matt> process) reads the resulting file in order to write it into the
Matt> crontabs directory. The point is to avoid letting users trick
Matt> crontab into reading arbitrary files and writing them into the
Matt> user's crontab, where the user can then read them.
How on earth are you going to prevent that? crontab /some/file
already allows one to replace my own crontab with something else. Or
are you claiming that crontab reads, parses, and sanitizes any file
presented? In which case, once the users symlink is read, do the same
I think this is going way beyond what is required; a user can
always present any file to crontab, and a suer can easily destroy any
files they have write access to. Preventing a cracker from tricking a
user into destroying their own files ought to bge the goal here.
College: The fountains of knowledge, where everyone goes to drink.
Manoj Srivastava <email@example.com> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com