Re: suid

To: debian-security@lists.debian.org
Subject: Re: suid
From: Bernd Eckenfels <ecki@lina.inka.de>
Date: Sat, 17 Apr 2004 02:33:39 +0200
Message-id: <[🔎] E1BEdm7-0007w8-00@calista.eckenfels.6bone.ka-ip.net>
In-reply-to: <[🔎] 1877275296.20040417002119@lists.debian.org>

In article <[🔎] 1877275296.20040417002119@lists.debian.org> you wrote:
> -rwsr-xr-x    1 root     root        22460 Oct  1  2001 /usr/bin/crontab
> 
> yes, because only in this condition normal user can set crontab rules.

this deends on the cron used. The cron in qustion needs to restrict the
access to the spool directory because it is shared. One could change the
owner of the crontab file, but then it is hard to atomically replace the
file without write access to the spool dir. The best solution is to have the
crontab in a user owned directory. 

It is not a good idea to change this without having a close look at the cron
code in question. It might be much better to use another cron flavor.

Greetings
Bernd
-- 
eckes privat - http://www.eckes.org/
Project Freefire - http://www.freefire.org/

Reply to:

Follow-Ups:
- Re: suid
  - From: Mario Ohnewald <mario.ohnewald@gmx.de>

References:
- Re: suid
  - From: Marcin <lfe@ghnet.pl>

Prev by Date: Re: suid
Next by Date: apache - not upgrading correctly ...
Previous by thread: Re: suid
Next by thread: Re: suid
Index(es):
- Date
- Thread