[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: setgid crontab

On 02-Aug-03, 23:36 (CDT), Matt Zimmerman <mdz@debian.org> wrote: 
> So: open, fstat, stat, compare fstat.st_ino to stat.st_ino, check
> fstat.st_uid.  O_EXCL should also be used when writing to the directory.

That introduces a (possibly minor) race condition: if the user runs
crontab to replace their file between the open() and stat() calls,
this check will fail. Not a huge problem, because it will pick it up
correctly the next time cron runs. And better to have the check than
not, I agree.

For the record, the way crontab add/replaces the user's file is to
first create a tmp file in the spool directory, check that it parses
correctly, and then rename() it to the user's name.

I'll take a look at the OpenBSD and Solar Designer implementations, and
see what they did.

> It should be noted somewhere that these protections do little good if the
> system allows users to give away their files (as with the recent XFS bug),
> and gid cron becomes equivalent to root again.

Nor do they do any good if root's password is empty. Not cron's problem.
(Insert standard homily about security and the chain's weakest link.)

Steve

-- 
Steve Greenland
    The irony is that Bill Gates claims to be making a stable operating
    system and Linus Torvalds claims to be trying to take over the
    world.       -- seen on the net
Reply to: