Re: crontab and editors (was Re: Editor Priorities)
> How on earth are you going to prevent that? crontab /some/file
> already allows one to replace my own crontab with something else. Or
Err, the point is that it only does that with files *you can read*. The
attack in question is where a user does something like "crontab
/etc/shadow" which crontab itself succeeds in reading even though you
can't... or more trickily by replacing the user-edit copy of the file
with a symlink... or replacing the directory with a different one (or
a link elsewhere), etc. A variety of integrity issues that have
nothing to do with what's in the file, only how it gets found...
However, the non-writable-directory approach should (as someone else
mentioned here) Do The Desired Thing even with copy-and-move
(i.e. "correct enough to actually use") editors.
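An added example, not part of the original message and not taken from any crontab implementation: one way a set-uid program can refuse the "crontab /etc/shadow" and final-component symlink cases described above is to open the file with the invoking user's ids and inspect the descriptor it actually got. The name open_as_invoker is hypothetical, and Linux/POSIX open(2) semantics are assumed.

```c
#define _GNU_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper for a set-uid program: open `path` with the
 * invoking user's rights, not the program's. Returns an fd, or -1
 * with errno set. */
int open_as_invoker(const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    struct stat st;
    int fd, err;

    /* Drop to the real ids so the kernel does the permission check
     * for the caller; a file the caller cannot read gives EACCES. */
    if (setegid(getgid()) != 0 || seteuid(getuid()) != 0)
        return -1;

    /* O_NOFOLLOW: refuse a symlink as the final path component.
     * O_NONBLOCK: do not hang on a FIFO planted at the path. */
    fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    err = errno;

    /* Regain the saved ids; if that fails, give up entirely. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0) {
        if (fd >= 0) close(fd);
        return -1;
    }
    if (fd < 0) { errno = err; return -1; }

    /* Check the object actually opened (fstat on the descriptor),
     * not the name, so a later swap of the name cannot change it. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    int fd = argc > 1 ? open_as_invoker(argv[1]) : -1;
    return fd < 0;
}
```

O_NOFOLLOW only covers the last path component; a replaced or symlinked parent directory is the case the non-writable-directory approach in the message addresses.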