Re: setgid crontab

To: debian-devel@lists.debian.org
Cc:
Subject: Re: setgid crontab
From: Blars Blarson <blarson@blars.org>
Date: Mon, 4 Aug 2003 19:55:34 -0700
Message-id: <[🔎] 200308050255.h752tYkp016467@renig.nat.blars.org>
In-reply-to: <[🔎] 20030803011923.GP24128@alcor.net>
References: <[🔎] 20030802195103.GA23026@molehole.dyndns.org> <[🔎] 20030802195103.GA23026@molehole.dyndns.org>

In article <[🔎] 20030803011923.GP24128@alcor.net> mdz@debian.org writes:
>On Sat, Aug 02, 2003 at 02:51:03PM -0500, Steve Greenland wrote:
>Under this setup, when cron opens a crontab file, it should fstat() it and
>check that it is owned by the uid under which its contents will be executed
>before trusting it.

It should not trust symbolic links either.  Otherwise it instanly promotes
everything that looks like a crontab into one.


-- 
Blars Blarson			blarson@blars.org
				http://www.blars.org/blars.html
"Text is a way we cheat time." -- Patrick Nielsen Hayden

Reply to:

Follow-Ups:
- Re: setgid crontab
  - From: Matt Zimmerman <mdz@debian.org>

References:
- setgid crontab
  - From: Steve Greenland <steveg@moregruel.net>
- Re: setgid crontab
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: Should this be filed as grave? Gcc-2.95
Next by Date: Re: setgid crontab
Previous by thread: Re: setgid crontab
Next by thread: Re: setgid crontab
Index(es):
- Date
- Thread