Re: crontab and editors (was Re: Editor Priorities)

To: debian-devel@lists.debian.org
Subject: Re: crontab and editors (was Re: Editor Priorities)
From: Mark Eichin <eichin@thok.org>
Date: 13 May 2002 14:37:27 -0400
Message-id: <[🔎] xe1bsbjao7s.fsf@swat.thok.org>
In-reply-to: Manoj Srivastava's message of "Mon, 13 May 2002 10:54:44 -0500"
References: <[🔎] 20020508194915.GA21145@molehole.dyndns.org> <[🔎] 84r8km2vjx.fsf@rjk.greenend.org.uk> <[🔎] 84r8km2vjx.fsf@rjk.greenend.org.uk> <[🔎] 20020509005908.GA21548@molehole.dyndns.org> <[🔎] 84n0v9ip3s.fsf@rjk.greenend.org.uk> <[🔎] 20020509142408.GB22735@molehole.dyndns.org> <[🔎] 20020509151043.GF537@wiggy.net> <[🔎] 20020512200401.GA32393@molehole.dyndns.org> <[🔎] 20020513095911.O913@justice.loyola.edu> <[🔎] 20020513142412.GB2712@molehole.dyndns.org> <[🔎] 20020513151513.GC7728@alcor.net> <[🔎] 87adr4dovv.fsf@glaurung.green-gryphon.com>

> 	How on earth are you going to prevent that? crontab /some/file
>  already allows one to replace my own crontab with something else. Or

Err, the point is that it only do that with files *you can read*.  The
attack in question is where a user does something like "crontab
/etc/shadow" which crontab itself succeeds in reading even though you
can't... or more trickily by replacing the user-edit copy of the file
with a symlink... or replacing the directory with a different one (or
a link elsewhere), etc.  A variety of integrity issues that have
nothing to do with what's in the file, only how it gets found...

However, the non-writable-directory approach should (as someone else
mentioned here) Do The Desired Thing even with copy-and-move
(ie. "correct enough to actually use") editors.


-- 
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Re: crontab and editors (was Re: Editor Priorities)
  - From: Steve Greenland <steveg@moregruel.net>
- Re: crontab and editors (was Re: Editor Priorities)
  - From: Richard Kettlewell <richardk@chiark.greenend.org.uk>
- Re: crontab and editors (was Re: Editor Priorities)
  - From: Steve Greenland <steveg@moregruel.net>
- Re: crontab and editors (was Re: Editor Priorities)
  - From: Richard Kettlewell <richardk@chiark.greenend.org.uk>
- Re: crontab and editors (was Re: Editor Priorities)
  - From: Steve Greenland <steveg@moregruel.net>
- Re: crontab and editors (was Re: Editor Priorities)
  - From: Wichert Akkerman <wichert@wiggy.net>
- Re: crontab and editors (was Re: Editor Priorities)
  - From: Steve Greenland <steveg@moregruel.net>
- Re: crontab and editors (was Re: Editor Priorities)
  - From: Michael Stone <mstone@debian.org>
- Re: crontab and editors (was Re: Editor Priorities)
  - From: Steve Greenland <steveg@moregruel.net>
- Re: crontab and editors (was Re: Editor Priorities)
  - From: Matt Zimmerman <mdz@debian.org>
- Re: crontab and editors (was Re: Editor Priorities)
  - From: Manoj Srivastava <srivasta@debian.org>

Prev by Date: Re: RMS' girlfriend
Next by Date: Re: RMS' girlfriend
Previous by thread: Re: crontab and editors (was Re: Editor Priorities)
Next by thread: Re: crontab and editors (was Re: Editor Priorities)
Index(es):
- Date
- Thread